blog-google
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a central runner script (scripts/run.py) and an environment setup script (scripts/setup_environment.py) to manage a local virtual environment and execute internal Python scripts. These subprocess calls are used for functional purposes and are restricted to the skill's own file structure.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from several official Google API endpoints (PageSpeed Insights, CrUX, Search Console, GA4, YouTube, Natural Language). It also downloads content from user-provided URLs to perform SEO and NLP analysis. All remote resources identified are legitimate and consistent with the skill's stated purpose.
- [DATA_EXFILTRATION]: The skill accesses configuration files located in the user's home directory (~/.config/claude-seo/) to store and retrieve API credentials. This behavior is documented and follows standard practices for local CLI tools. No evidence of unauthorized data transmission to third-party domains was found.
- [PROMPT_INJECTION]: The skill's instructions and metadata do not contain any patterns associated with prompt injection, safety filter bypasses, or instructions to disregard previous rules.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface in scripts/nlp_analyze.py and scripts/pagespeed_check.py, which fetch content from external websites. Maliciously crafted content on these pages could potentially contain instructions aimed at the agent.
  - Ingestion points: External URLs fetched by nlp_analyze.py and pagespeed_check.py.
  - Boundary markers: None present; content is processed and returned to the agent without explicit delimitation for the LLM.
  - Capability inventory: Subprocess execution of internal scripts (run.py), file-writing (google_report.py), and write access to Search Console (indexing_notify.py).
  - Sanitization: nlp_analyze.py includes basic HTML stripping using BeautifulSoup or regex, but this is for text extraction rather than security sanitization.