seo-content-brief

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses curl within a bash block to fetch data from the SemRush API. It interpolates the {keyword} variable directly into the shell command string, which could lead to command injection if the input is not properly sanitized.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill makes network requests to api.semrush.com. This domain is not on the list of trusted external sources, though it is consistent with the skill's purpose.
  • [DATA_EXFILTRATION] (LOW): User-provided keywords are transmitted to the external SemRush API via GET requests.
  • [PROMPT_INJECTION] (LOW): (Category 8: Indirect Prompt Injection) The skill ingests data from WebSearch and external API responses.
      1. Ingestion points: Web search results and SemRush API JSON data.
      2. Boundary markers: Absent; there are no instructions to the agent to disregard instructions embedded within the search data.
      3. Capability inventory: curl subprocess execution and WebSearch tool access.
      4. Sanitization: Absent; the external data is used directly to construct the content brief.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:08 PM