The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from untrusted external websites.
Ingestion points: The skill ingests data from arbitrary external URLs via the WebFetch tool during commands like /seo page and /seo technical in SKILL.md.
Boundary markers: There are no explicit markers or instructions defined to prevent the agent from executing commands found within the fetched external content.
Capability inventory: The skill possesses extensive capabilities including Bash execution, WebFetch, and file system access (Read, Glob, Grep), which could be misused if malicious instructions are injected.
Sanitization: The orchestration logic lacks explicit sanitization, validation, or filtering of the content retrieved from external sources before it is processed by the agent context.
[EXTERNAL_DOWNLOADS]: The skill documentation references external packages and services.
Reference: The SKILL.md file recommends the installation of squirrelscan via npm i -g squirrelscan. This tool is presented as a vendor resource for the skill.
Reference: The references/cwv-thresholds.md file references lighthouse and the Google PageSpeed Insights API, which are provided by a trusted organization (Google).

seo