The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's primary functionality is implemented through the execution of several local Python scripts located in the scripts/ directory (e.g., google_auth.py, pagespeed_check.py, gsc_query.py, youtube_search.py). These scripts are invoked via the shell to process data and generate reports.
[PROMPT_INJECTION]: The skill is subject to Indirect Prompt Injection (Category 8) due to its processing of untrusted external content.
Ingestion points: Untrusted data enters the agent context through the /seo google youtube-video command (which retrieves the top 10 YouTube comments) and the /seo google nlp command (which analyzes the content of arbitrary URLs).
Boundary markers: There are no documented boundary markers or explicit instructions for the agent to ignore potentially malicious instructions embedded in the external data (e.g., within YouTube comments).
Capability inventory: The skill allows for command execution via Python scripts and local file system operations (writing to .seo-cache/ and generating reports).
Sanitization: The documentation does not describe any sanitization, filtering, or validation processes for the data retrieved from external sources before it is analyzed by the agent.
[EXTERNAL_DOWNLOADS]: The skill communicates with various official Google API endpoints, including analyticsdata.googleapis.com, indexing.googleapis.com, chromeuxreport.googleapis.com, and kgsearch.googleapis.com. These are well-known technology services and are considered trusted sources for the purpose of this analysis.
[CREDENTIALS_UNSAFE]: The skill accesses sensitive local files, specifically ~/.config/codex-seo/google-api.json and a service account JSON key file, to authenticate with Google APIs. While standard for this type of tool, this involves handling high-value credentials such as API keys and private keys.

seo-google