programmatic-seo-spy

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill triggers the execution of a local Python script catalog_content.py belonging to its site-content-catalog dependency. This is used to crawl competitor sitemaps and collect URL data as part of its primary function.
  • [DATA_EXFILTRATION]: The skill communicates with well-known SEO services including DataForSEO, SEMrush, Ahrefs, and SimilarWeb to obtain domain analytics. These requests are transparently documented as part of the 'Enhanced mode' and target reputable industry providers.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and analyzing content from competitor websites and sitemaps.
    • Ingestion points: Competitor sitemaps and webpage samples fetched in Phase 1 and Phase 4.
    • Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore embedded instructions in the crawled data.
    • Capability inventory: Ability to execute shell commands for data cataloging and write analysis reports to the local file system.
    • Sanitization: Absent; the skill does not explicitly sanitize the external content before processing it for template quality analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 10:48 AM