seo-aeo-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Risk Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): The bash scripts execute `lighthouse`, `curl` and `python3` for their intended purposes. Commands are constructed from variables inside double quotes, which prevents word splitting and glob expansion and so mitigates simple shell injection. Double quoting alone does not stop a value that begins with `-` from being read as an option, so the target should still be checked for an `http://` or `https://` prefix before it is passed to either tool.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): `scripts/lighthouse.sh` recommends installing the `lighthouse` package from the official npm registry, which is a trusted source.
- [Data Exposure & Exfiltration] (SAFE): Data is sent via `curl` to `googleapis.com`, a trusted domain. The PageSpeed API key is read from the `PAGESPEED_API_KEY` environment variable rather than hardcoded in the source, which prevents accidental credential exposure in the repository.
- [Indirect Prompt Injection] (LOW): The skill fetches data from arbitrary external URLs supplied by the user or agent. If an agent subsequently reads the generated JSON reports, it could ingest untrusted content embedded in those pages.
  - Ingestion points: target URLs processed in `scripts/lighthouse.sh` and `scripts/pagespeed.sh`.
  - Boundary markers: none; results are saved as raw JSON reports, so an agent that consumes them should treat their contents as data rather than as instructions.
  - Capability inventory: `curl` (network), `lighthouse` (CLI execution).
  - Sanitization: filenames are sanitized with `sed` to remove the protocol and special characters; URLs are percent-encoded by a Python helper.
- [Dynamic Execution] (LOW): `scripts/pagespeed.sh` uses an inline Python heredoc to perform URL encoding. Although this generates script content at runtime, the heredoc is a static template, so the risk is considered low.
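The pattern the findings above describe (scheme check before the target reaches `curl`, `sed`-based filename sanitization, a static Python heredoc for percent-encoding, and the API key taken only from `PAGESPEED_API_KEY`) written out as an added example. This is not the skill's own `scripts/pagespeed.sh`; the exact filename rule, the `mobile` default strategy, the `reports` output directory and the use of the PageSpeed Insights v5 endpoint are assumptions, and nothing touches the network unless `fetch_pagespeed_report` is called.

```shell
#!/bin/sh
# Added example, not the seo-aeo-audit skill's own script. Assumed details:
# the filename rule, the 'mobile' default strategy, the 'reports' directory
# and the PageSpeed Insights v5 endpoint.
set -eu

# Accept only http(s) targets. Besides keeping curl off file:// and other
# schemes, this guarantees the value never starts with '-', so it cannot be
# parsed as an option even though it is always passed inside double quotes.
validate_url() {
  case "$1" in
    http://*|https://*) return 0 ;;
    *) return 1 ;;
  esac
}

# Derive a report filename from a URL: drop the scheme, then replace every
# character outside [A-Za-z0-9._-] with '_' (sed, as in the audited script).
# Because '/' is replaced too, the result can never escape the output dir.
url_to_filename() {
  name=$(printf '%s' "$1" | tr '\n\r' '__' \
    | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#[^A-Za-z0-9._-]#_#g')
  # Fall back for empty or dot-only results such as "https://."
  case "$name" in
    ''|.|..) name=report ;;
  esac
  printf '%s' "$name"
}

# Percent-encode one value. The heredoc is a static template (quoted
# delimiter, so the shell expands nothing inside it); the untrusted value
# travels as argv[1] and is never spliced into the Python source.
urlencode() {
  python3 - "$1" <<'PY'
import sys, urllib.parse
sys.stdout.write(urllib.parse.quote(sys.argv[1], safe=""))
PY
}

# Build the request URL. The API key is deliberately not part of it, so the
# returned URL is safe to log or print.
pagespeed_request_url() {
  strategy=${2:-mobile}
  case "$strategy" in
    mobile|desktop) ;;
    *) echo "unknown strategy: $strategy" >&2; return 1 ;;
  esac
  printf 'https://www.googleapis.com/pagespeedonline/v5/runPagespeed?url=%s&strategy=%s' \
    "$(urlencode "$1")" "$strategy"
}

# Run one audit: target URL, optional output dir, optional strategy. The key
# comes only from the environment and is appended by curl itself (-G turns
# the --data-urlencode value into a query parameter); '--' ends option
# parsing before the URL argument.
fetch_pagespeed_report() {
  target=$1
  out_dir=${2:-reports}
  : "${PAGESPEED_API_KEY:?PAGESPEED_API_KEY must be set in the environment}"
  validate_url "$target" || { echo "refusing non-http(s) target: $target" >&2; return 1; }
  mkdir -p "$out_dir"
  out="$out_dir/$(url_to_filename "$target").json"
  curl -sS --fail -G --data-urlencode "key=$PAGESPEED_API_KEY" \
    -o "$out" -- "$(pagespeed_request_url "$target" "${3:-mobile}")"
  printf '%s\n' "$out"
}

# Usage: PAGESPEED_API_KEY=... sh pagespeed_example.sh https://example.com [dir] [mobile|desktop]
if [ "$#" -gt 0 ]; then
  fetch_pagespeed_report "$@"
fi
```

The key is never interpolated into the URL string, so `pagespeed_request_url` output can go into logs, and a consumer that later parses `reports/*.json` should still treat the fetched page content as untrusted data.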
Audit Metadata