seo-agent
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION]: Potential shell and Python command injection in scripts. The scripts interpolate the $SITE variable into a python3 -c command string using double quotes. If the site URL or name contains shell command substitutions or characters that break out of the Python string literal, arbitrary code execution can result.
  - Evidence: scripts/seo-discover.sh and scripts/seo-monitor.sh use ENCODED_SITE=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$SITE', safe=''))" ...).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted external data.
  - Ingestion points: scripts/seo-discover.sh (Google Search Console and DataForSEO API), scripts/seo-monitor.sh (Google Search Console), and scripts/seo-compete.sh (DataForSEO API).
  - Boundary markers (absent): No delimiters or instructions are used to separate external API data from the agent's internal logic.
  - Capability inventory: The skill can execute shell scripts (via curl, jq), perform network operations to arbitrary SEO APIs, and manage local files (snapshots in workspace/seo-agent/snapshots/).
  - Sanitization (absent): While jq is used for JSON parsing, the content of queries and keywords is not sanitized or validated for malicious instructions.
- [CREDENTIALS_UNSAFE]: Sensitive credentials for DataForSEO are passed via command-line arguments, exposing them in the system process list.
  - Evidence: scripts/seo-compete.sh and scripts/seo-discover.sh define DFS_AUTH="-u ${DATAFORSEO_LOGIN}:${DATAFORSEO_PASSWORD}" for use with curl.