geo-compare

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests data from external audit files located in ~/.geo-prospects/audits/ to calculate progress metrics. These files represent untrusted input sources.
    • Ingestion points: Audit files are identified and parsed in Step 1 and Step 2 of the workflow to extract scores and status.
    • Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands or instructions embedded within the audit file content during parsing.
    • Capability inventory: The skill utilizes Read, Write, and Bash tools, which provide the agent with the ability to execute commands and modify the file system if malicious instructions were successfully injected.
    • Sanitization: No explicit sanitization or validation of the audit file content is performed before the agent extracts data or generates the report.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for local file discovery and directory navigation within the ~/.geo-prospects/ path. While this aligns with the described workflow for managing a local database of audits, it grants the agent broad command execution capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 01:48 PM