seo-audit
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script (
scripts/run.py) that functions as a runner to send parameters to the backend API and poll for results. - [EXTERNAL_DOWNLOADS]: The runner script makes network requests to
https://ai-skills.aito execute the skill logic. This domain is consistent with the skill's documented infrastructure. - [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data, which presents an indirect prompt injection surface.
- Ingestion points: External data enters the skill via the
materialUrl(user-provided URLs),materialFile(uploaded document files), andmaterialText(pasted content) parameters defined inreferences/form-schema.json. - Boundary markers: No explicit delimiting or instructions to ignore embedded commands are present in the provided local files.
- Capability inventory: The skill's local capabilities are restricted to network communication with the designated API endpoint; it does not perform local file system writes or arbitrary command execution based on the processed data.
- Sanitization: Input data is forwarded directly to the API without client-side sanitization or validation beyond basic JSON structure.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized credential harvesting patterns were detected. The use of an API key via environment variables follows standard security practices for this type of integration.
Audit Metadata