seo
Fail
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The repository's installation guides recommend piping a remote shell script from GitHub directly into the bash or PowerShell interpreter (e.g.,
curl -fsSL ... | bash). While these resources originate from the author's repository, this pattern bypasses manual review of the executed code. - [COMMAND_EXECUTION]: Multiple Python scripts, including
generate_report.py,lighthouse_runner.py,github_api.py, andrepo_release_seo.py, utilize thesubprocessmodule to run external binaries and internal scripts. This allows the skill to interact with system-level tools such asgit,gh(GitHub CLI), andnpx(Node Package Runner) using inputs derived from user requests. - [EXTERNAL_DOWNLOADS]: The installation process involves downloading release archives from GitHub and extracting them to the local environment. Additionally, scripts such as
lighthouse_runner.pymay trigger the retrieval of Node.js dependencies at runtime if they are not already installed. - [DATA_EXFILTRATION]: To perform its primary function, the skill fetches content from arbitrary external URLs. This functionality is mitigated by a shared security policy in
scripts/lib/safe_http.pythat validates resolved IP addresses to prevent Server-Side Request Forgery (SSRF) against internal or private networks. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the web (via
read_url_contentandfetch_page.py) and incorporates it into the LLM's reasoning context. This context can subsequently influence the execution of high-capability scripts, although the severity is considered low due to existing LLM guardrails.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Bhanunamikaze/Agentic-SEO-Skill/main/install.sh - DO NOT USE without thorough review
Audit Metadata