seo-audit
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill uses file system tools to read project configuration and source files (e.g., package.json, TSX, HTML) to perform its SEO analysis. This access is necessary for the skill's functionality and is restricted to the local workspace.
- [EXTERNAL_DOWNLOADS]: The skill mentions the
@upstash/context7-mcptool and provides a command for the user to install it via npx if it's missing. Upstash is a well-known service, and the instruction is provided as a transparent recommendation to the user. - [PROMPT_INJECTION]: The instructions include logic to ignore user-provided arguments in favor of interactive prompts to prevent unexpected input from affecting the auditing logic. This is a safety measure to ensure predictable behavior.
- [COMMAND_EXECUTION]: The skill performs standard file operations such as creating directories for reports, writing markdown files, and updating the .gitignore file. These actions are performed according to the user's interactive configuration and follow project management best practices.
- [INDIRECT_PROMPT_INJECTION]: As the skill ingests content from various files in the project for auditing, it possesses a surface for indirect injection. However, the skill implements specific, narrow pattern matching for SEO criteria, which limits the risk of arbitrary instruction execution from within the scanned data.
Audit Metadata