Skills
skills/agricidaniel/claude-seo/seo-ecommerce/Gen Agent Trust Hub

seo-ecommerce

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill fetches and parses external product pages using scripts/fetch_page.py and scripts/parse_html.py, which introduces a surface for indirect prompt injection. Malicious instructions contained within the HTML of a processed website could influence the agent's behavior.
  • Ingestion points: scripts/fetch_page.py (SKILL.md)
  • Boundary markers: Absent
  • Capability inventory: Subprocess calls (python scripts/...), network operations (DataForSEO API)
  • Sanitization: Absent
  • [COMMAND_EXECUTION]: User-provided inputs such as <url> and <keyword> are passed directly into shell commands (e.g., python scripts/fetch_page.py <url> and python scripts/dataforseo_merchant.py search "<keyword>"). This pattern relies on the underlying execution environment to prevent command injection via shell metacharacters.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 10:12 PM