seo-project-setup
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard procedures for SEO project organization and context building. It guides the user through creating a structured workspace for storing SEO-related notes and reports.
- [COMMAND_EXECUTION]: The skill utilizes Model Context Protocol (MCP) tools such as
whoami,list_projects, andget_search_console_performancefor legitimate project management and data retrieval. These operations are scoped to the intended SEO functionality and do not involve arbitrary command execution. - [DATA_EXPOSURE]: The skill prompts users to organize SEO-related data (keywords, Search Console exports) in a local directory. This is a standard practice for maintaining project state and does not involve accessing sensitive system credentials or performing unauthorized data exfiltration.
- [PROMPT_INJECTION]: The skill processes user-provided SEO data and Search Console exports. While this presents an indirect prompt injection surface common to data-processing tools, the instructions are focused on legitimate SEO setup and do not attempt to bypass safety filters.
- Ingestion points: Reads local CSV files and user-provided notes or documentation within the workspace folder (e.g.,
SKILL.md). - Boundary markers: No explicit delimiter instructions are provided for parsing external file content.
- Capability inventory: Uses file creation tools and SEO-specific MCP tools (
get_search_console_performance,keyword-research, etc.) inSKILL.md. - Sanitization: No specific sanitization or validation of external CSV content is defined in the workflow.
Audit Metadata