seo-content-writer
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to "Research and Plan — analyze the SERP" and to use competitor URLs and external citations (see SKILL.md Data Sources and references/instructions-detail.md which requires competitor URLs and "Include at least 1 external citation per 500 words"), meaning the agent is expected to fetch and interpret public third‑party pages that can influence content and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill explicitly states it "Reads" and "Load[s] CORE-EEAT Constraints" from external GitHub files (e.g. https://github.com/aaron-he-zhu/seo-geo-claude-skills/blob/main/CLAUDE.md and https://github.com/aaron-he-zhu/seo-geo-claude-skills/blob/main/build/seo-content-writer/references/instructions-detail.md), which indicates these URLs may be fetched at runtime and the fetched documents directly control the agent's prompting/instruction behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata