claude-code-seo-content-marketing-suite
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation guide instructs users to clone code from an untrusted third-party repository (github.com/PrefectFlourish22/r18-anthropics-claude-code-seo.git). This source has not been verified for safety.
- [CREDENTIALS_UNSAFE]: The documentation provides a configuration template (config.json) and instructions that encourage users to store sensitive, high-value API keys for services like SerpApi, Ahrefs, SEMrush, and Moz in plaintext on the local file system.
- [COMMAND_EXECUTION]: The skill defines a large set of custom commands (e.g., /technical-seo, /keyword-research) intended for execution within the agent's environment, which depend on the external scripts referenced in the installation section.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data from external domains.
- Ingestion points: Website URLs and XML sitemaps processed via file-reading commands (SKILL.md).
- Boundary markers: None identified in the documentation to protect against instructions embedded in crawled content.
- Capability inventory: The skill performs network operations for crawling and API access, and file system writes for generating reports (SKILL.md).
- Sanitization: No validation or sanitization of ingested content is documented.
Audit Metadata