skills/fusengine/agents/seo-sitemap/Gen Agent Trust Hub

seo-sitemap

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves running a local script scripts/parse-sitemap.ts to parse sitemap files. This is consistent with the technical nature of the skill.
  • [DATA_EXFILTRATION]: The agent is instructed to fetch /sitemap.xml files from remote servers. This network activity is the primary function of the skill and does not target sensitive data.
  • [SAFE]: No obfuscation, credential misuse, or persistence mechanisms were found. The skill processes external data, posing a theoretical indirect prompt injection surface which is standard for web-parsing tools.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection via external data ingestion.
  • Ingestion points: External sitemap files fetched in workflow step 1.
  • Boundary markers: None explicitly defined in the workflow instructions.
  • Capability inventory: Local script execution and URL cross-checking logic.
  • Sanitization: No specific sanitization or escaping steps are mentioned in the instruction markdown.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:28 AM
Security Audit — agent-trust-hub — seo-sitemap