seo-audit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations and accesses local environment files to gather context for its audit.
- Evidence:
- Accesses local files
.agents/product-marketing-context.mdand.claude/product-marketing-context.mdto retrieve business and marketing context. - Uses
curlandweb_fetchto perform network requests to external domains for the purpose of analyzing site health, robots.txt, and sitemaps. - [PROMPT_INJECTION]: The skill has an inherent vulnerability to indirect prompt injection (Category 8) due to its data ingestion surface.
- Ingestion points: External website content and metadata retrieved via
web_fetchandcurlcommands (SKILL.md). - Boundary markers: Absent; there are no instructions to the agent to treat fetched web content as untrusted data or to use specific delimiters to isolate it from instructions.
- Capability inventory: The skill utilizes
web_fetchandcurlfor network retrieval and is instructed to perform analysis based on the retrieved data. - Sanitization: Absent; the skill does not specify any validation, filtering, or escaping of the HTML or text content received from external sources before processing.
Audit Metadata