astro-seo
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard Astro integrations like @astrojs/sitemap and common development tools like html-validate. No malicious or untrusted remote code execution patterns were found.
- Category 2: Data Exposure & Exfiltration (SAFE): The code snippets use generic placeholders for business contact information (e.g., '123 High Street', '+44...') and does not attempt to access sensitive system files or environment variables.
- Category 8: Indirect Prompt Injection (SAFE): While the SEO components ingest user-provided data (titles, descriptions) for rendering, this is a standard pattern for static site generators. The use of JSON.stringify for structured data is a security best practice to prevent injection in script tags.
- Category 10: Dynamic Execution (SAFE): The skill uses standard Astro patterns for generating static HTML and JSON-LD. No unsafe runtime execution of dynamically generated code was detected.
Audit Metadata