seo-geo-optimizer
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script
scripts/auto_implementer.pyusessubprocess.runto execute other Python scripts within the skill's directory (e.g.,audit_report.py,content_optimizer.py). While this is used for internal orchestration, it represents a local execution surface. - [EXTERNAL_DOWNLOADS]: The script
scripts/indexnow_submit.pyperforms network operations usingurllib.request.urlopento submit URLs to search engine indexing endpoints such as Bing and Yandex. These are well-known services and part of the skill's primary functionality for Generative Engine Optimization (GEO). - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and parsing untrusted data from user-provided content files.
- Ingestion points:
scripts/analyze_content.pyandscripts/keyword_analyzer.pyread and process local HTML, Markdown, and JSX files. - Boundary markers: The scripts use standard HTML/Markdown parsing and regular expressions to extract specific tags, but do not implement explicit instructions to ignore embedded AI commands within the content.
- Capability inventory: The skill possesses capabilities for shell command execution (via subprocess orchestration in
auto_implementer.py) and network communication (viaindexnow_submit.py). - Sanitization: Basic text cleaning and HTML tag removal are performed during processing.
Audit Metadata