The Agent Skills Directory

[DATA_EXFILTRATION]: The skill is designed to access and manage sensitive credential files located at ~/.config/claude-seo/google-api.json and ~/.config/claude-seo/service_account.json. These files contain API keys and service account private keys. While necessary for the skill's primary purpose of interacting with Google APIs, the ability to read these sensitive paths represents a data exposure risk.
[PROMPT_INJECTION]: The skill processes untrusted data from external sources, which constitutes an indirect prompt injection attack surface.
Ingestion points: External content is ingested through scripts/pagespeed_check.py (analyzes target URLs), scripts/youtube_search.py (fetches video metadata and top 10 comments), and scripts/nlp_analyze.py (extracts entities and sentiment from URLs or provided text).
Boundary markers: The instructions do not define clear delimiters or specific warnings to ignore instructions embedded within the ingested data.
Capability inventory: The agent has the capability to execute several Python scripts (scripts/*.py), perform network requests to various Google API endpoints, and write report files to the local file system.
Sanitization: There is no evidence in the instructions or references of sanitization, validation, or escaping of the external content before it is processed by the agent.
[COMMAND_EXECUTION]: The skill relies on executing a variety of local Python scripts to perform data collection and reporting. These scripts include google_auth.py, pagespeed_check.py, crux_history.py, gsc_query.py, gsc_inspect.py, indexing_notify.py, ga4_report.py, youtube_search.py, nlp_analyze.py, keyword_planner.py, and google_report.py. These scripts are called via the command line with arguments often derived from user input, such as URLs or property identifiers.

seo-google