blog
Pass
Audited by Gen Agent Trust Hub on May 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes external assets from well-known and reputable services such as Pixabay, Unsplash, Pexels, and official Google APIs. All network references identified are for legitimate research and media integration purposes.
- [SAFE]: No malicious prompt injection or override instructions were detected in the instructions. While the skill processes external data (URLs and documents), which is an attack surface for indirect prompt injection, this is inherent to its primary purpose as an auditing tool and is not considered a finding.
- [SAFE]: The skill accesses its own configuration directory at
~/.config/claude-seo/google-api.json. This is a documented mechanism for sharing API credentials with its companion tools and does not constitute unauthorized access to sensitive system files. - [SAFE]: The skill mentions performing local content scoring using Python 3.11+. No suspicious command execution, privilege escalation attempts, or persistence mechanisms were discovered in the provided file set.
Audit Metadata