seo-opportunity-finder
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python and Node.js scripts (e.g., catalog_site.py and cli.js) to perform website crawling and data analysis. These operations are intended functional calls within the composite skill structure.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data from external website crawls.
  1. Ingestion points: Site content inventories and competitor keyword data retrieved via Phase 1 and Phase 2.
  2. Boundary markers: No explicit delimiters or isolation instructions are defined in the orchestration logic.
  3. Capability inventory: Local subprocess execution and file system writes to the clients/ directory.
  4. Sanitization: No explicit sanitization or validation of the ingested external content is described in the logic.
- [SAFE]: The skill appropriately handles sensitive credentials by instructing the user to use the APIFY_API_TOKEN environment variable rather than hardcoding secrets.
Audit Metadata