topical-authority-mapper
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands to execute local Python scripts (
catalog_site.py,scrape_reddit.py) for site auditing and data collection tasks.\n- [EXTERNAL_DOWNLOADS]: The skill fetches data from several well-known technology services and SEO APIs including DataForSEO, SEMrush, Ahrefs, Reddit, and search engines. These network operations are intended for the primary purpose of the skill and target established service domains.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ingestion of untrusted content from the web.\n - Ingestion points: Data is retrieved from user-provided URLs and competitor domains via
site-content-catalog, and from social media discussions viareddit-scraper.\n - Boundary markers: The skill instructions do not specify any delimiters or instructions to help the agent distinguish between operational logic and the retrieved external content.\n
- Capability inventory: The agent has the capability to execute shell commands and write files, which could be exploited if malicious instructions are embedded in the scraped data.\n
- Sanitization: No sanitization, validation, or filtering processes are described for the fetched content before it is processed by the agent.
Audit Metadata