internal-linking-optimizer
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from URLs and sitemaps, creating a potential vector for indirect prompt injection.\n
- Ingestion points: Data is fetched from user-provided domains and URLs for link graph analysis.\n
- Boundary markers: The skill lacks explicit separators or instructions to mitigate the risk of following commands embedded within analyzed external content.\n
- Capability inventory: The skill's operations are limited to report generation and strategic advice; no file modification or shell command execution capabilities are present.\n
- Sanitization: There is no mention of filtering or validating content retrieved from the web.\n- [EXTERNAL_DOWNLOADS]: The documentation references external skill installation via a CLI tool.\n
- Evidence:
SKILL.mdprovides an installation command:npx skills add aaron-he-zhu/seo-geo-claude-skills.\n - Context: This command points to the author's own repository for skill distribution and is intended for user-initiated installation.
Audit Metadata