google-indexing
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions and associated Python scripts access a local file named 'service-account.json'. This file is expected to contain sensitive Google Cloud service account keys, including private keys and client emails.
- [EXTERNAL_DOWNLOADS]: The skill uses the 'requests' library to fetch sitemap XML content from external URLs provided by the user or extracted from other sitemaps. These downloads are processed to extract URLs for indexing.
- [COMMAND_EXECUTION]: The skill includes a 'python3 -c' shell command to read, parse, and validate the content of the service account JSON file, displaying internal project metadata.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its sitemap parsing logic.
  - Ingestion points: The 'parse_sitemap' function in 'SKILL.md' fetches data from external URLs.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore instructions embedded within the sitemap content.
  - Capability inventory: Subprocess calls via 'python3 -c' and network operations via 'requests.post' to the Google Indexing API.
  - Sanitization: Absent. The skill extracts text from XML 'loc' tags and uses them directly in network requests without validation.
Audit Metadata