seo-google
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The analyzed files consist only of markdown documentation and templates; the functional Python scripts referenced in the commands are not present in the provided source set.
- [SAFE]: Analysis of the instructions and references shows legitimate use of official Google APIs for SEO data collection with no signs of malicious intent or data exfiltration.
- [COMMAND_EXECUTION]: The skill is designed to trigger local Python scripts that perform search analytics, indexing requests, and performance audits.
- [CREDENTIALS_UNSAFE]: Security best practices are followed for managing API keys and service account JSON files by guiding users to store them in a secure local directory (~/.config/claude-seo/).
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from YouTube comments and webpage text. Ingestion points: nlp_analyze.py, youtube_search.py. Boundary markers: Markdown report templates. Capability inventory: File-write (reports), Network-ops (Google APIs). Sanitization: No sanitization logic was provided for review.
Audit Metadata