ai-internal-linking-optimizer

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating a potential surface for indirect prompt injection. 1. Ingestion points: Data enters via the materialText, materialFile, and materialUrl parameters in SKILL.md and references/form-schema.json. 2. Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded in the provided SEO materials. 3. Capability inventory: The scripts/run.py script performs network requests to transmit data to the processing API. 4. Sanitization: No sanitization or validation of the input content was observed in the provided files.
  • [EXTERNAL_DOWNLOADS]: The skill allows the ingestion of content from user-provided URLs via the materialUrl parameter for SEO analysis.
  • [COMMAND_EXECUTION]: The skill provides a Python script (scripts/run.py) intended for execution by the user to interact with the external service's API.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-internal-linking-optimizer