seo-opportunity-finder
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python and Node.js scripts to perform site cataloging and competitor domain analysis. These scripts are part of referenced sub-skills within the same repository structure.
  - Evidence: Execution of `python3 skills/site-content-catalog/scripts/catalog_site.py` and `node skills/seo-domain-analyzer/src/cli.js analyze`.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data from external websites.
  - Ingestion points: Content is ingested from user-provided URLs and competitor domains via site crawling and Apify scrapers.
  - Boundary markers: There are no explicit instructions or delimiters mentioned to isolate ingested content from the agent's instructions.
  - Capability inventory: The skill has the ability to execute subprocesses (Python/Node) and write files to the local file system (e.g., `clients/` directory).
  - Sanitization: No sanitization or filtering logic is described to prevent malicious instructions embedded in the scraped HTML or metadata from influencing the agent's output.
Audit Metadata