gsc-ahrefs-browser-audit
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements secure authentication practices by instructing the agent to pause for manual user login and explicitly prohibiting the request of passwords or 2FA codes.
- [COMMAND_EXECUTION]: The skill utilizes browser automation to navigate and extract data from Google Search Console and Ahrefs dashboards. This is a legitimate use of tool capabilities for its stated purpose of SEO research.
- [PROMPT_INJECTION]: The skill processes external data from web dashboards, which represents an indirect prompt injection surface (Category 8). However, this is assessed as safe as the instructions focus on extracting quantitative SEO metrics and keywords rather than interpreting or executing text as instructions.
- [SAFE]: The skill accesses local repository configuration (package.json, README.md) and environment variables to identify the site domain. The extracted data is written to a local markdown file (seo-work-brief.md) and is not exfiltrated to unauthorized external endpoints.
Audit Metadata