google-search-console
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation and setup guide recommend installing the 'uv' package manager using a remote script from astral.sh. Astral is a well-known technology provider, and this is a standard installation method for the tool.\n- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests data from external sources (Google Search Console reports and PageSpeed Insights results) which may contain content from third-party websites.\n
- Ingestion points: Untrusted data enters the agent context through search analytics queries in analytics.py, URL inspection results in inspect_url.py, and PageSpeed/Lighthouse audit data in pagespeed.py.\n
- Boundary markers: Absent. The skill does not explicitly provide delimiters or instructions to ignore potential instructions embedded in the search data or PageSpeed reports.\n
- Capability inventory: The skill performs authenticated network requests to Google APIs and file system writes for configuration management.\n
- Sanitization: Output is provided as structured JSON, which helps prevent accidental interpretation of data as code, but does not sanitize the text content for the agent.\n- [SAFE]: No evidence of malicious behavior, credential exfiltration, or unauthorized persistence was found. Authentication is handled via standard OAuth 2.0 flows, and sensitive configuration values are masked in display commands.
Recommendations
- HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata