ai-seo-aeo-internal-linking
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content, which presents a surface for indirect prompt injection. \n
- Ingestion points: materialText, materialFile, and materialUrl fields in references/form-schema.json. \n
- Boundary markers: None found in script files; protection relies on the platform's backend model guardrails. \n
- Capability inventory: Data is transmitted to the vendor API via scripts/run.py. \n
- Sanitization: Content is passed directly without local sanitization or filtering. \n- [COMMAND_EXECUTION]: The skill includes a Python runner script (scripts/run.py) designed for user execution. \n
- The script makes authorized API calls to the vendor's domain at ai-skills.ai. \n
- It utilizes environment variables for API key management and standard urllib for communication. \n- [EXTERNAL_DOWNLOADS]: The runner script attempts to import the well-known certifi package for SSL certificate verification, which is a standard security practice.
Audit Metadata