seo-cluster

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process data from external, untrusted sources.
  • Ingestion points: According to SKILL.md and references/serp-overlap-methodology.md, the skill fetches organic search results from WebSearch or the DataForSEO API and scrapes content from user-provided URLs.
  • Boundary markers: The instructions lack specific requirements for the agent to use delimiters or "ignore embedded instructions" protocols when handling the retrieved search engine results or page analysis data.
  • Capability inventory: The skill has permissions to write files to the local directory (e.g., cluster-plan.json, cluster-map.html) and can trigger automated content creation by invoking the blog-write skill as detailed in references/execution-workflow.md.
  • Sanitization: While the skill mentions SSRF protection via validate_url() in scripts/fetch_page.py, there is no evidence of sanitization for the natural language content extracted from the web, which could contain instructions intended to influence the agent's behavior during the clustering or execution phases.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 08:38 AM