seo-optimization
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes 'npx lighthouse' to perform technical audits. This command downloads the Lighthouse CLI from the npm registry. Since Lighthouse is a well-known auditing tool developed by Google, this is a standard and safe external dependency.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external data.
  - (1) Ingestion points: Untrusted content is fetched from external URLs via 'WebFetch' and 'curl' during technical SEO audits.
  - (2) Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the agent to prevent it from following commands embedded in the fetched content.
  - (3) Capability inventory: The agent has high-capability tools at its disposal, including 'Bash' for shell execution and 'Write'/'Edit' for file system operations.
  - (4) Sanitization: The skill does not perform any sanitization or validation of external web content before it is processed by the agent.