r06-alirezarezvani-claude-code-tresor-seo
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a repository from an unverified GitHub account (
LairLightningDerrick/r06-alirezarezvani-claude-code-tresor-seo) and install a global npm package (r06-alirezarezvani-claude-code-tresor-seo) that is not associated with a trusted vendor or the stated author's infrastructure. - [REMOTE_CODE_EXECUTION]: The installation process involves executing external code and scripts from non-authoritative sources to enable the skill's SEO automation features.
- [COMMAND_EXECUTION]: The skill defines several commands that trigger shell-based operations, such as keyword research and technical audits, which involve network requests and data processing through externally installed CLI tools.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from arbitrary external URLs provided by the user (e.g., via
/content-auditor/technical-seo). If the target website contains instructions hidden in HTML or metadata, it could manipulate the agent's output. - Ingestion points: Web crawls of domain URLs provided in command arguments (SKILL.md).
- Boundary markers: None present in the instructions to separate untrusted site content from the agent's operational logic.
- Capability inventory: Network access for crawling, file system access for report exports, and AI-driven content generation across all scripts.
- Sanitization: No explicit validation or filtering of external site content is described in the skill documentation.
Audit Metadata