geo-audit
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its reliance on untrusted external data.
  - Ingestion points: The WebFetch tool is used in Phase 1 to retrieve content from arbitrary user-provided URLs, including homepages, sitemaps, and internal links.
  - Boundary markers: The instructions do not define delimiters or provide guidance for the agent to ignore natural language instructions that might be hidden in the fetched HTML, meta tags, or structured data.
  - Capability inventory: The skill has access to powerful tools including Bash, Write, and WebFetch, which increases the potential impact if the agent is manipulated via an injection.
  - Sanitization: There is no requirement or mechanism mentioned to sanitize, filter, or validate the retrieved content before it is analyzed by the parallel subagents in Phase 2.
Audit Metadata