Skills
skills/agricidaniel/codex-seo/seo-flow/Gen Agent Trust Hub

seo-flow

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The /seo flow sync command executes a local Python script (scripts/sync_flow.py) to download updated prompt files from the author's repository at github.com/AgriciDaniel/flow. This is a standard vendor-controlled update mechanism.
  • [COMMAND_EXECUTION]: The skill invokes shell commands including python, and GitHub CLI tools (gh api rate_limit, gh auth login) to manage prompt synchronization and handle network-related errors during updates.
  • [PROMPT_INJECTION]: The skill processes external content from user-provided URLs and topics, which represents an indirect prompt injection surface. Maliciously crafted content on a target webpage could attempt to influence the agent's analysis.
  • Ingestion points: User-supplied URL or topic arguments provided to the /seo flow [stage] commands.
  • Boundary markers: Prompt templates in the references/prompts/ directory do not utilize specific delimiters (like XML tags) to isolate external content from the instruction set.
  • Capability inventory: The skill has capabilities for local file caching and command execution for maintenance, but these are not directly exposed to the content of analyzed URLs.
  • Sanitization: There is no explicit sanitization or filtering of the text content ingested from user-provided URLs before it is processed by the analysis prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 08:38 AM
Security Audit — agent-trust-hub — seo-flow