seo-content-marketing-claude-skills
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to ingest and analyze untrusted external data, such as website content and competitor information, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Untrusted data enters the agent context via the
--domain,--url, and--competitorsarguments, as well as input files likekeywords.txt. - Boundary markers: No specific boundary markers or instructions to ignore embedded prompts are described in the provided documentation.
- Capability inventory: The skill has the ability to write to files (
--fileflag) and interact with external SEO tool APIs. - Sanitization: There is no mention of sanitizing or filtering content from external sources before processing.
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions involving cloning a repository from a third-party GitHub account.
- [DATA_EXFILTRATION]: The skill features commands that can export analyzed data to local files (
--file) and send data to external SEO platforms via API integrations. This represents a potential data exposure path if utilized maliciously. - [COMMAND_EXECUTION]: The documentation includes examples of automating the skill using shell scripts and programming languages (e.g., Python's
subprocess.run), which involves executing the tool's commands from the command line.
Audit Metadata