aeo
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The
aeo_audit.pyscript performs network requests to external URLs provided by the user using theurllib.requestlibrary. While this is a documented feature for auditing live websites, it represents a network operation to non-whitelisted domains. - Evidence: The
fetch_urlfunction inscripts/aeo_audit.pyusesurllib.request.urlopento retrieve HTML content from user-specified URLs. - [PROMPT_INJECTION]: The skill ingests and processes untrusted data from external websites and local files, creating a potential vector for indirect prompt injection.
- Ingestion points: Untrusted content enters the agent's context through URL fetching in
scripts/aeo_audit.pyand file reading inscripts/aeo_audit.pyandscripts/aeo_optimizer.py. - Boundary markers: The ingested content is not isolated with protective delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has the capability to perform network reads (
scripts/aeo_audit.py), write to the local file system (scripts/citation_tracker.py), and present processed content to the agent for further action. - Sanitization: There is no evidence of sanitization or filtering to detect or neutralize malicious prompt injection instructions within the ingested content.
Audit Metadata