Skills
skills/aradotso/marketing-skills/seo-content-marketing-skill-suite/Gen Agent Trust Hub

seo-content-marketing-skill-suite

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions create an indirect prompt injection surface by requiring the agent to ingest and analyze untrusted content from external websites while utilizing high-privilege capabilities such as network access and API authentication.
  • Ingestion points: Commands such as /technical-seo, /content-audit, and /page-speed-seo ingest and process data from external URLs.
  • Boundary markers: Absent. There are no instructions for the agent to use delimiters or safety guidelines to ignore instructions found within the processed web data.
  • Capability inventory: The skill manages multiple sensitive API keys (OpenAI, Ahrefs, Semrush) and provides examples for network operations to Slack webhooks and email notifications.
  • Sanitization: There is no instruction to sanitize or validate the content fetched from external URLs before processing.
  • [COMMAND_EXECUTION]: Integration examples in the documentation demonstrate unsafe shell command execution practices that could be vulnerable if implemented directly by users.
  • Evidence: The provided JavaScript integration snippet for Google Sheets export uses execSync with direct string interpolation of the topic variable into a shell command, representing a potential command injection vector.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 11:26 AM
Security Audit — agent-trust-hub — seo-content-marketing-skill-suite