seo-content-audit

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates analysis by executing local Python scripts (e.g., catalog_content.py, analyze_domain.py) using python3. The command templates use placeholders like [domain] and [client] for user-supplied input, which represents a potential command injection surface if the executing agent does not properly sanitize these variables before execution.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external SEO services such as Semrush and Ahrefs via Apify and uses web-fetching capabilities to retrieve content from target and competitor domains. These network operations are essential for the skill's stated purpose of SEO auditing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external websites to perform 'deep analysis' and 'brand voice extraction'. Malicious instructions hidden in the crawled website content could potentially influence the agent's final report synthesis.
    • Ingestion points: Website content fetched via WebFetch and site-content-catalog scripts.
    • Boundary markers: None explicitly defined in the instructions to separate external data from agent instructions.
    • Capability inventory: File system writes to clients/ and shell command execution via python3 subprocesses.
    • Sanitization: No specific sanitization or filtering of fetched content is described in the audit process.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 12, 2026, 02:42 PM