seo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill fetches public-facing information such as HTML content, robots.txt, and sitemap.xml. It also utilizes the official Google PageSpeed API for performance metrics. While it can inspect local codebase files like
next.config.jsorapp/layout.tsx, this is restricted to the context of a technical SEO review explicitly requested by the user. No unauthorized data exfiltration or credential leaks were found. - [Remote Code Execution] (SAFE): There are no patterns of remote code execution, piped shell commands, or dynamic code evaluation. The skill operates within the confines of data analysis and report generation.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (website content). While this creates a surface for indirect prompt injection, the risk is categorized as low because the skill lacks dangerous capabilities like file writing or system command execution; its output is limited to a structured markdown report.
- [External Downloads] (SAFE): The skill references the Google PageSpeed API, which is a trusted service for the intended SEO purpose. No unknown or untrusted third-party dependencies are required.
Audit Metadata