keyword-research
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
suggest.py,firecrawl.py,pageviews.py) located within the${CLAUDE_PLUGIN_ROOT}/scripts/connectors/directory to perform data harvesting and analysis tasks. - [EXTERNAL_DOWNLOADS]: The skill interacts with external services to gather research data, including Google's autocomplete endpoint, Wikipedia's pageview statistics, and the Firecrawl search API. These references to well-known technology services are standard for SEO research and do not represent a security risk.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes and interprets data from external sources (search results and autocomplete suggestions).
- Ingestion points: Data retrieved from external SEO connectors during the 'Discover' and 'GEO-Check' phases.
- Boundary markers: No explicit delimiters are specified to separate external content from system instructions in the prompt templates.
- Capability inventory: The skill's primary capabilities include executing shell-based data connectors and writing research deliverables to the local filesystem (
memory/research/). - Sanitization: No specific sanitization or filtering logic is mentioned for the external data before it is presented to the agent.
Audit Metadata