seo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded internal header 'x-sop-internal' found in SKILL.md. This token is used to bypass WAF protections on the vendor's domain.
- [COMMAND_EXECUTION]: Instructions to execute local scripts 'npm run check-links' and 'npm run check-hreflang' within the environment to perform site structure validation.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through data ingestion when auditing external websites.
- Ingestion points: Use of 'web_fetch' and 'curl' to retrieve and process HTML content from remote URLs.
- Boundary markers: Absent; the skill lacks delimiters or explicit instructions to the agent to ignore any command-like content found within the fetched data.
- Capability inventory: Access to shell execution ('npm run') and network utilities ('curl').
- Sanitization: Absent; content from external sources is analyzed directly without filtering or validation of the remote content's instructions.
Audit Metadata