seo-optimizing
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes search query data retrieved from Google Search Console. Since these queries are generated by external users on the internet, they represent an untrusted data source.
  - Ingestion points: Search query text is ingested from gsc-query-page-28d.json.
  - Boundary markers: No specific delimiters or instructions are used to prevent the agent from following commands potentially embedded within query strings.
  - Capability inventory: The skill has access to curl for network operations and python3 for executing data analysis scripts.
  - Sanitization: Data processing scripts convert metrics to numbers but do not sanitize or escape the query text before it is presented to the model.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to official Google APIs (googleapis.com) to fetch search performance data. These are well-known technology services and are documented for intended functionality.
- [COMMAND_EXECUTION]: The skill executes multiple python3 one-liners to analyze JSON files and filter metrics. These commands are executed locally using data fetched from the GSC API.
- [CREDENTIALS_UNSAFE]: The skill requires access to a Google Service Account JSON key path, which is stored in a local .env file. The initialization script sources this file and echoes the configuration path to the console. Accessing service account credentials is a sensitive operation necessary for the skill's primary function.
Audit Metadata