seo-domain-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it processes untrusted data from scraped web content.
      • Ingestion points: Data retrieved from external domains via Semrush, Ahrefs, and Google Search scrapers in scripts/analyze_domain.py.
      • Boundary markers: No delimiters are used to separate scraped content from agent instructions.
      • Capability inventory: The skill has network access (via the requests library) and the ability to write files to disk.
      • Sanitization: Scraped data is incorporated into the analysis without filtering or escaping.
  • [CREDENTIALS_UNSAFE]: The script scripts/analyze_domain.py transmits the APIFY_API_TOKEN as a query parameter in URLs. This is a security weakness: compared to sending the token in an authorization header, it increases the risk of the token being logged or exposed in transit.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 10:48 AM