seo-maker
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected across the skill's instructions, markdown references, or utility scripts. The skill performs legitimate analytical tasks associated with search engine optimization.
- [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill utilizes tools to fetch external data (such as `WebFetch` or `WebSearch`), these operations are limited to gathering evidence for the audit. There is no evidence of sensitive credentials or private files being accessed or transmitted to untrusted domains.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted web content as part of its auditing function. This constitutes a potential attack surface; however, the skill's design mitigates this risk by using structured data formats (JSON/Markdown) and restricting its output to defined artifact directories.
  - Ingestion points: Live website URLs accessed via the `WebFetch` tool.
  - Boundary markers: The workflow clearly distinguishes between platform policies, tool-based evidence, and heuristic findings to ensure data integrity.
  - Capability inventory: Local file read/write access, use of scanning tools like `Grep` and `Glob`, and permissions to apply safe code fixes within the project scope.
  - Sanitization: Audit results are encapsulated in structured reports, reducing the likelihood of accidental instruction execution from ingested content.
- [DYNAMIC_EXECUTION]: The `render-dashboard.sh` script generates a `results.js` file by serializing audit findings from `results.json`. This is a low-risk, standard implementation for creating local dashboards and does not involve the execution of untrusted remote code or dynamic loading from unverified sources.
Audit Metadata