seo-baseline
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): Uses
curlto fetch the first 200 lines of a webpage and specific files likesitemap.xmlandrobots.txt. This behavior is the core intended functionality of the SEO tool. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from external websites via
curland browser automation (mcp__claude-in-chrome). - Ingestion points:
curl -s "$URL"andnavigate to URLcommands inSKILL.md. - Boundary markers: None. The skill processes fetched text directly.
- Capability inventory: Shell command execution (
curl) and local script execution (generate_image.py). - Sanitization: No sanitization is performed on the fetched content before it is parsed by the agent. An attacker could theoretically embed instructions in meta tags to manipulate the SEO report.
- [DYNAMIC_EXECUTION] (LOW): The skill references an external Python script at
~/.claude/skills/gemini-imagegen/scripts/generate_image.py. This is a cross-skill dependency used for the optional 'Quick Fix' of generating OG images. While this execution happens from a specific local path, it assumes the presence and safety of the secondary skill. - [EXTERNAL_DOWNLOADS] (SAFE): Suggests the installation of
next-sitemapviapnpm, which is a standard, reputable package for Next.js SEO optimization.
Audit Metadata