r14-borghei-claude-skills-seo
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions to install the toolkit by cloning a repository from GitHub (
github.com/SheenEmpress/r14-borghei-claude-skills-seo.git). This involves fetching external code from a source that is not listed among the trusted organizations or vendors. - [COMMAND_EXECUTION]: The project includes several shell command examples and bash scripts (
daily-seo-check.sh,monthly-seo-report.sh) designed for automation and setup. These scripts involve file system operations and command execution in the user's local environment. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to ingest and analyze data from external websites (e.g., via
/content-auditor/technical-seo). Malicious instructions embedded in those websites could attempt to influence the agent's behavior during the analysis phase. - Ingestion points: External URLs provided for audits, competitor domain data, and SERP analysis results.
- Boundary markers: None identified; the documentation does not specify any delimiters or instructions for the agent to ignore embedded commands within the analyzed content.
- Capability inventory: File system access for reports, tool execution, and network operations for auditing site performance.
- Sanitization: There is no evidence of content sanitization or validation routines for data fetched from external URLs.
Audit Metadata