30x-seo-monitor
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include the command `npx -y mcp-server-gsc`, which downloads and executes a package from the npm registry at runtime without version pinning or source verification. Because no version is given, whatever the registry serves as the latest release at invocation time is what runs.
- [REMOTE_CODE_EXECUTION]: The use of `npx` to run a third-party server represents remote code execution, as the package content is fetched and run on the user's system. The `-y` (`--yes`) flag suppresses npm's install confirmation prompt, so fetch and execution happen in one unattended step.
- [DATA_EXPOSURE]: The configuration references `GOOGLE_CREDENTIALS_PATH` and `/path/to/credentials.json`. Accessing these sensitive authentication files is a prerequisite for the skill's operation, presenting a risk if the agent or skill were compromised.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and display search query data from the Google Search Console API, which is an untrusted external source that could be manipulated by third parties to include malicious instructions.
  - Ingestion points: Google Search Console API query and page data ingested via the MCP server or CLI.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined for the data processing step.
  - Capability inventory: The skill has access to the Bash and Read tools, which could be exploited if an injection occurs.
  - Sanitization: No sanitization or validation of the ingested query strings is specified in the skill documentation.
Audit Metadata