seo
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local Python scripts (e.g.,
google_auth.py,backlinks_auth.py,drift_history.py,google_report.py) to handle authentication, track history, and generate PDF deliverables. - [COMMAND_EXECUTION]: It utilizes command-line tools such as
curlandnpx lighthouseto perform real-time performance auditing and fetch raw data from external endpoints. - [EXTERNAL_DOWNLOADS]: The skill interacts with numerous well-known technology and data providers, including Google APIs (Search Console, PageSpeed, CrUX), Moz, Bing, OpenStreetMap (Overpass and Nominatim), and specialized services like DataForSEO and Geoapify.
- [PROMPT_INJECTION]: As a tool designed to crawl and analyze external websites, the skill possesses an indirect prompt injection attack surface. Content from untrusted, user-provided URLs is ingested into the agent's context for evaluation.
- Ingestion points: Crawled page content, metadata, and schema markup from audited URLs.
- Boundary markers: No explicit delimiters or 'ignore instructions' warnings are mentioned for the ingestion of crawled content.
- Capability inventory: The skill has access to shell execution via Python scripts and network operations via curl.
- Sanitization: No specific sanitization or filtering of external content is documented.
Audit Metadata