seo-technical
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Python scripts (e.g., scripts/pagespeed_check.py) using user-provided URLs as direct command-line arguments. This creates a potential command injection vector if the agent does not properly sanitize the user input before executing the shell command. Additionally, these referenced scripts were not included in the file bundle, preventing a full security audit of their internal logic.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it fetches and processes untrusted content from external URLs while possessing sensitive capabilities including script execution and API access.
  - Ingestion points: The agent ingests external website content from user-provided URLs in SKILL.md for analysis.
  - Boundary markers: Absent. There are no instructions defining clear delimiters or warnings to ignore embedded instructions within the fetched website content.
  - Capability inventory: The agent has access to local command execution (via Python scripts) and is expected to have access to sensitive Google API credentials (SKILL.md).
  - Sanitization: Absent. No logic is defined to validate or escape content retrieved from the target websites before processing.
Audit Metadata