seo-audit

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected. The skill crawls and ingests data from external websites, which is then processed by the LLM in an optimized format.
      * Ingestion points: Data retrieved via seomator audit <url> in SKILL.md and references/cli-reference.md.
      * Boundary markers: There are no explicit delimiters or system instructions to prevent the LLM from following malicious instructions potentially embedded in the audited site's metadata or content.
      * Capability inventory: The skill can execute shell commands (npm, seomator).
      * Sanitization: No content validation or sanitization of the audited website's data is described before it is provided to the agent.
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage its environment, including npm install -g @seomator/seo-audit, npx playwright install chromium, and various seomator audit commands.
  • [EXTERNAL_DOWNLOADS]: Fetches the core audit tool from the NPM registry and downloads Chromium for Core Web Vitals metrics. These are documented as standard operational requirements for the skill.
  • [COMMAND_EXECUTION]: The references/troubleshooting.md file suggests using sudo for global package installation and disabling TLS certificate verification via the NODE_TLS_REJECT_UNAUTHORIZED=0 environment variable, both of which bypass security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 03:28 PM