skills/aradotso/marketing-skills/fabled-packer-redeem-seo-content-marketing-suite/Gen Agent Trust Hub
fabled-packer-redeem-seo-content-marketing-suite
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process involves cloning a repository from an untrusted source (github.com/FabledPackerRedeem/...) which contains the skill's logic and commands.\n- [COMMAND_EXECUTION]: The skill provides instructions for manual integration that involve sourcing a shell script (commands.sh) directly into the user's environment, allowing for potential execution of arbitrary code.\n- [CREDENTIALS_UNSAFE]: The toolkit manages multiple high-value API keys for services like Google Search Console, OpenAI, and WordPress via environment variables, which could be targeted for exfiltration if the underlying tools are compromised.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it crawls and processes content from external domains during SEO audits without explicit sanitization or boundary markers.\n
- Ingestion points: The
technical-seoandcontent-auditcommands ingest data from external domains.\n - Boundary markers: None identified in the skill instructions or examples.\n
- Capability inventory: The skill allows for network access, file writing (reports), and the execution of a broad suite of CLI tools.\n
- Sanitization: There is no evidence of sanitization for the web content ingested during audits.
Audit Metadata