seo-flow

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The orchestration logic for the /seo flow sync command executes a local Python script at scripts/sync_flow.py. Because the contents of this script are missing from the provided files, its security properties and actual behavior cannot be verified.
  • [EXTERNAL_DOWNLOADS]: The skill's synchronization feature pulls data from an external GitHub repository (github.com/AgriciDaniel/flow). While this is a vendor-owned resource, the execution of downloaded content at runtime creates a potential supply chain risk.
  • [COMMAND_EXECUTION]: Documentation in SKILL.md references the use of the GitHub CLI tool (gh api rate_limit, gh auth login), indicating that the skill may interact with the user's local environment, shell, and authentication tokens.
  • [PROMPT_INJECTION]: The skill ingests untrusted data via URL and topic arguments in several commands (find, leverage, optimize, win, local).
      • Ingestion points: Arguments [url|topic] in multiple /seo flow sub-commands.
      • Boundary markers: Absent. The orchestration logic instructs the agent to apply prompts directly to the URL context.
      • Capability inventory: Execution of scripts/sync_flow.py via subprocess, file system reads of reference prompts, and terminal output.
      • Sanitization: Absent. There is no evidence of input validation or escaping for the user-provided URLs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 10:11 PM