gr-seo-patrol

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill implements its core functionality through several Python scripts located in the scripts/ directory which handle automated reporting, keyword diagnosis, and content updates. Evidence: daily-report.py, canonical-fix.py, and rescue-post.py are called by the agent to perform SEO tasks.
  • [DATA_EXFILTRATION]: The skill makes network requests to DataForSEO, a well-known technology service provider, to retrieve live search engine results. This is the primary data source for the skill's SEO analysis. Evidence: API calls to api.dataforseo.com in SKILL.md and scripts/daily-report.py.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection as it ingests and processes data from external sources that is then used to modify repository content. 1. Ingestion points: SERP data retrieved from DataForSEO in scripts/daily-report.py. 2. Boundary markers: None identified in the script logic or instructions. 3. Capability inventory: Write access to the GitHub repository via the GitHub Contents API in scripts/canonical-fix.py and scripts/rescue-post.py. 4. Sanitization: No explicit validation or filtering of external API data is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:26 AM
Security Audit — agent-trust-hub — gr-seo-patrol