seo-sitemap
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves running a local script
scripts/parse-sitemap.tsto parse sitemap files. This is consistent with the technical nature of the skill. - [DATA_EXFILTRATION]: The agent is instructed to fetch
/sitemap.xmlfiles from remote servers. This network activity is the primary function of the skill and does not target sensitive data. - [SAFE]: No obfuscation, credential misuse, or persistence mechanisms were found. The skill processes external data, posing a theoretical indirect prompt injection surface which is standard for web-parsing tools.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection via external data ingestion.
- Ingestion points: External sitemap files fetched in workflow step 1.
- Boundary markers: None explicitly defined in the workflow instructions.
- Capability inventory: Local script execution and URL cross-checking logic.
- Sanitization: No specific sanitization or escaping steps are mentioned in the instruction markdown.
Audit Metadata