ai-seo-2
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes a Python runner script (
scripts/run.py) to communicate with the vendor's official API atai-skills.ai. This is a standard and expected architectural pattern for this type of service. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its data-processing nature:
- Ingestion points: The skill ingests untrusted data through the
materialText,materialUrl, andmaterialFileparameters defined inreferences/form-schema.json. - Boundary markers: No explicit delimiters or instructions to ignore embedded directives are used in the prompt templates.
- Capability inventory: The
scripts/run.pyscript includes network capabilities (urllib.request) to transmit data to the vendor's backend. - Sanitization: No evidence of sanitization or content filtering for the input data was found in the provided files.
Audit Metadata