seo-audit

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/run.py) that functions as a runner to send parameters to the backend API and poll for results.
  • [EXTERNAL_DOWNLOADS]: The runner script makes network requests to https://ai-skills.ai to execute the skill logic. This domain is consistent with the skill's documented infrastructure.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data, which presents an indirect prompt injection surface.
  • Ingestion points: External data enters the skill via the materialUrl (user-provided URLs), materialFile (uploaded document files), and materialText (pasted content) parameters defined in references/form-schema.json.
  • Boundary markers: No explicit delimiting or instructions to ignore embedded commands are present in the provided local files.
  • Capability inventory: The skill's local capabilities are restricted to network communication with the designated API endpoint; it does not perform local file system writes or arbitrary command execution based on the processed data.
  • Sanitization: Input data is forwarded directly to the API without client-side sanitization or validation beyond basic JSON structure.
  • [SAFE]: No obfuscation, persistence mechanisms, or unauthorized credential harvesting patterns were detected. The use of an API key via environment variables follows standard security practices for this type of integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 07:58 AM
Security Audit — agent-trust-hub — seo-audit