seo-hreflang
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for performing technical SEO audits on external websites and local content directories. While it ingests untrusted data from URLs, this behavior is central to its primary purpose as an auditing tool. The risk of indirect prompt injection is mitigated by the skill's focus on structured data (HTML tags, headers, and file metadata).
- Ingestion points: User-provided URLs and local directories referenced in the audit command.
- Boundary markers: Not explicitly defined in the prompt instructions.
- Capability inventory: The skill instructions indicate the agent will read external content, write to local cache JSON files, and modify the .gitignore file.
- Sanitization: No explicit sanitization logic is described, but the agent is tasked with technical validation of codes and formats.
- [SAFE]: The skill manages a local .seo-cache/ directory to store and retrieve data between related tasks. It includes instructions to add this directory to .gitignore, which is a security best practice to prevent the leakage of technical analysis data into version control.
- [SAFE]: References to files in sibling directories (e.g., ../seo/references/shared-data-cache.md) are used to maintain consistency across a suite of SEO tools by the same author and do not represent a malicious path traversal attempt.
Audit Metadata