programmatic-seo

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's official API at https://ai-skills.ai to perform SEO analysis. This is documented and expected behavior for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) intended for the user to execute locally to interact with the service. The script performs standard API requests using Python's urllib library.
  • [CREDENTIALS_UNSAFE]: The skill requires an AISKILLS_API_KEY provided via environment variables for authentication. This is a standard and secure practice for managing API credentials and does not involve hardcoded secrets.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it is designed to ingest and process untrusted data from external URLs, uploaded files (CSV/Excel), and pasted text.
  • Ingestion points: Data enters the context via materialText, materialFile, and materialUrl parameters as defined in references/form-schema.json.
  • Boundary markers: No specific delimiters or "ignore instructions" warnings are present in the prompt structure.
  • Capability inventory: The skill's primary capabilities are text analysis and summary generation; no high-risk capabilities like local file writes or arbitrary shell execution were detected in the agent's instructions.
  • Sanitization: No explicit input sanitization or validation logic is implemented within the provided scripts, relying instead on the backend API's processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:59 AM
Security Audit — agent-trust-hub — programmatic-seo