technical-seo
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill requires the agent to crawl and analyze external web content, which can serve as a vector for instructions targeting the agent's behavior.
- Ingestion points: 'SKILL.md' (Audit Workflow Step 1) and 'TECHNICAL-AUDIT.md' (Running a Technical Audit section) direct the agent to 'Crawl the target URL' and process its content.
- Boundary markers: The skill instructions do not specify any delimiters or safety markers to isolate the content of audited pages from the agent's core instructions.
- Capability inventory: Prompt templates in 'ON-PAGE-SEO.md' and 'TECHNICAL-AUDIT.md' ('Optimize all images', 'Add JSON-LD schema', 'Update robots.txt') imply the agent has the capability to modify the local file system.
- Sanitization: The workflow lacks steps for sanitizing, filtering, or validating external content retrieved during crawls before it is interpreted by the agent.
Audit Metadata