seo-content-brief

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install an external CLI tool ('infsh') from a remote GitHub repository (https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md).
  • [COMMAND_EXECUTION]: The skill uses npx to install and add external skill packages (e.g., npx skills add inference-sh/skills@seo), which involves downloading and executing code from external sources.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from the web.
      • Ingestion points: Data is retrieved via tavily/search-assistant, exa/search, and tavily/extract (SKILL.md).
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the retrieved search results or extracted website content.
      • Capability inventory: The skill utilizes the infsh Bash tool to run various applications and search commands.
      • Sanitization: No evidence of sanitization or validation of the external content is provided before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 08:01 AM