seo-baseline

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] BENIGN. The skill fragment is coherently aligned with a basic SEO baseline task, uses safe read-only data collection, and does not introduce credential requirements, external services, or suspicious data flows. It appears proportionate to its stated purpose and maintains data flow integrity. The improved version explicitly frames remediation steps, adds clear success criteria, and emphasizes consent and data minimization for logs. LLM verification: This skill is functionally consistent with its stated purpose (quick SEO baseline). It does not contain clear malicious code or data-exfiltration instructions in the provided content. The main security concerns are supply-chain and operational: unpinned npm dependency installation (pnpm add next-sitemap) and reliance on an unspecified local image-generation script (~/.claude/skills/gemini-imagegen/scripts/generate_image.py) which should be audited before execution. Additionally, care should be t