The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructions direct users to clone a repository from an untrusted GitHub account (macrohelpclippers) to the local machine during the installation process.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process untrusted content from external websites during SEO audits and competitor analysis.
Ingestion points: External domains, URLs, and competitor pages provided as arguments to commands such as /technical-seo, /content-audit, and /competitor-gap.
Boundary markers: Absent. The instructions do not specify any delimiters or safety guidelines for the agent when handling content fetched from these external sources.
Capability inventory: The skill enables the agent to read and write files (--output, --export) and suggests the ability to execute shell commands based on the described CLI-like interface.
Sanitization: Absent. There is no mention of filtering, escaping, or validating the content retrieved from websites before it is processed by the agent.
[COMMAND_EXECUTION]: The 'Integration Patterns' section of the documentation provides code examples (Node.js and Python) that are vulnerable to command injection. Specifically, the Node.js example uses execSync with an unvalidated postUrl variable, which could allow an attacker to execute arbitrary commands if the URL input is compromised.

r19-iannuttall-claude-agents-seo