seo-geo
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes content from external, untrusted websites.
- Ingestion points: The
scripts/seo_audit.pyscript fetches HTML content from arbitrary URLs. Additionally, various scripts fetch data from the DataForSEO API. - Boundary markers: The output from the audit and research scripts is presented to the agent without explicit boundary markers or instructions to ignore embedded commands.
- Capability inventory: The skill possesses the capability to execute shell commands (
curl), run local Python scripts, and perform network operations. - Sanitization: While
scripts/seo_audit.pyuses regex to extract specific tags, the extracted text (like titles and descriptions) is not sanitized for malicious instructions. - [COMMAND_EXECUTION]: The
SKILL.mdworkflow instructs the agent to execute shell commands usingcurlandgrepto inspect live websites, as well as several local Python scripts located in thescripts/directory. - [EXTERNAL_DOWNLOADS]: The skill's primary function involves downloading content from external URLs (via
curlandurllib.request) and interacting with the DataForSEO API endpoint (https://api.dataforseo.com/v3). - [REMOTE_CODE_EXECUTION]: A documentation file (
references/schema-templates.md) contains a high-risk command pattern (curl -fsSL example.com/install.sh | bash) within a JSON-LD example. Although intended as a template for website FAQ content, it could be misinterpreted or accidentally executed by an AI agent. - [CREDENTIALS_UNSAFE]: The skill requires
DATAFORSEO_LOGINandDATAFORSEO_PASSWORDenvironment variables. These are handled using standardos.environ.getpatterns inscripts/credential.py, which is generally acceptable but requires users to manage secrets locally.
Audit Metadata