seo

Fail

Audited by Snyk on May 30, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The list contains direct raw GitHub installer scripts (install.sh, install.ps1) and GitHub release/archive links from an unvetted user plus explicit "curl | bash" / remote-install instructions in the skill — a common and high-risk malware distribution pattern even though many other URLs are benign official/placeholder links.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The required runtime workflow for seo audit/seo page ingests outsider-authored free text by fetching and parsing arbitrary user-supplied URLs (e.g., read_url_content(url) / scripts/fetch_page.py → parsed HTML text) into the agent’s LLM context for analysis.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
CRITICAL
Analyzed
May 30, 2026, 09:19 PM
Issues
4
Security Audit — snyk — seo