skills/norahe0304-art/30x-seo/seo/Gen Agent Trust Hub

seo

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation in SKILL.md references the installation and use of the squirrelscan package via npm i -g squirrelscan. While primarily presented as a user-facing command, the skill's environment allows the Bash tool, enabling potential automated execution.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of CLI-based tools like lighthouse (via npx) and squirrelscan. These tools are used for technical SEO and performance auditing within the Bash environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted external data.
      • Ingestion points: The WebFetch tool is used to retrieve content from user-provided URLs for analysis in commands such as /seo page <url> and /seo technical <url> as defined in SKILL.md.
      • Boundary markers: The skill files do not specify any boundary markers or instructions to the agent to ignore potential instructions embedded within the fetched HTML, metadata, or structured data.
      • Capability inventory: The skill has access to powerful tools including Bash, Read, Grep, Glob, and WebFetch across all 23 sub-skills.
      • Sanitization: There is no evidence of content sanitization or validation routines to filter out malicious prompts or control tokens from the ingested web content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 02:01 AM