seo-performance
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands like `mkdir`, `grep`, and `echo` to manage a local `.seo-cache` directory and update the `.gitignore` file as part of its audit workflow.
- [DATA_EXFILTRATION]: The skill performs network operations to fetch performance metrics from user-provided URLs and the Google PageSpeed Insights API. Auditing external sites is the core function of the skill.
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to execute a local Python script, `scripts/analyze_performance.py`, to conduct the audit analysis.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes untrusted content from the web.
  - Ingestion points: Performance metrics and site data fetched from arbitrary external URLs and API responses.
  - Boundary markers: No specific delimiters or protective instructions are provided to isolate the ingested data from the agent's core logic.
  - Capability inventory: The skill is capable of executing local scripts, running shell commands, and writing files to the disk.
  - Sanitization: No data validation or sanitization steps are documented for the content retrieved from external sources.
Audit Metadata