gsc
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in
SKILL.mddirect the agent to execute shell commands (open,xdg-open, orstart) to automatically launch the user's web browser after generating an HTML report.\n- [COMMAND_EXECUTION]: The setup guide instructs the agent to assist the user in modifying sensitive shell configuration files (~/.bashrc,~/.zshrc) to store OAuth2 credentials, which acts as a persistence mechanism.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the Google Search Console API.\n - Ingestion points: SEO data including queries and page titles is retrieved via
scripts/gsc-fetch.mjs.\n - Boundary markers: The prompt does not use delimiters to isolate the external data or instruct the agent to ignore instructions embedded within the fetched metrics.\n
- Capability inventory: The skill can write files, perform network requests, and execute system commands to launch applications.\n
- Sanitization: There is no evidence of validation or sanitization for the SEO data retrieved from the Google API before it is processed by the AI agent.\n- [EXTERNAL_DOWNLOADS]: The skill connects to official Google domains (
googleapis.comandoauth2.googleapis.com) to manage authentication and retrieve search performance data.
Audit Metadata