google-news-seo
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to fetch and process web data, including
curl,mktemp,sed,python3, andrm. These commands are used to download article HTML and manage temporary processing files. - [REMOTE_CODE_EXECUTION]: The skill employs a dynamic execution pattern where it generates a Python script (
/tmp/extract_jsonld.py) at runtime using a heredoc and subsequently executes it. This script processes content retrieved from external, user-provided URLs. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from external websites via
web_fetchandcurlto perform SEO and EEAT audits. - Ingestion points: External article HTML and JSON-LD metadata fetched from user-provided URLs in
SKILL.md(Section 1 and 7). - Boundary markers: None detected; the agent is not instructed to ignore embedded instructions within the fetched HTML.
- Capability inventory: The skill has the ability to execute shell commands (
curl,python3,sed) and perform file system operations (mktemp,rm) inSKILL.md. - Sanitization: There is no evidence of sanitization or filtering of the fetched web content before it is processed by the agent or the dynamic Python script.
Audit Metadata