seo-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from external URLs which can lead to indirect prompt injection attacks.
  - Ingestion points: The WebFetch tool is used in Step 2 to retrieve HTML content from user-provided URLs.
  - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore or sanitize embedded instructions within the fetched HTML elements (Title, Meta tags, H1-H6, etc.).
  - Capability inventory: The skill uses the Write tool to save reports to ~/.claude/cache/seo/ and the WebSearch tool for technical information. This combination of processing untrusted content and having write access to the filesystem increases the risk significantly.
  - Sanitization: No sanitization or validation of the fetched text is performed before it is analyzed or written to the report file.
- [Data Exposure & Exfiltration] (LOW): The skill writes analysis reports to the local filesystem at ~/.claude/cache/seo/. While intended for caching, this constitutes a file-system write operation based on data derived from external sources.
Recommendations
- AI detected serious security threats