blog-cannibalization
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.dataforseo.com. This is a well-known SEO data provider and the interaction is documented as part of the skill's optional API mode. - [DATA_EXPOSURE]: The skill reads local content files (.md, .mdx, .html) and accesses environment variables (
DATAFORSEO_LOGIN,DATAFORSEO_PASSWORD) for API authentication. These operations are consistent with the stated purpose of analyzing blog content and using a third-party SEO service. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted user-generated content from blog posts.
- Ingestion points: Local file scanning of markdown and HTML files (
SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded prompts in analyzed files are mentioned.
- Capability inventory: File reading (
Glob,Grep), network operations (WebFetch). - Sanitization: No evidence of sanitization or filtering for the content of the blog posts before processing.
Audit Metadata