serp-feature-sniper

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface identified. The skill processes untrusted data retrieved from external sources, which could contain malicious instructions.
      • Ingestion points: Competitor webpage content fetched via fetch_webpage (Phase 2) and search results via web_search (Phase 1).
      • Boundary markers: Absent. The skill does not implement specific delimiters or 'ignore' instructions for the data fetched from the internet.
      • Capability inventory: The skill possesses file-writing capabilities to the local filesystem (under the clients/ directory) and makes network calls to SEO APIs.
      • Sanitization: Absent. No logic is defined to sanitize or escape external content before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: Fetches SERP data from well-known technology providers such as SerpAPI, Serper.dev, DataForSEO, and ValueSERP. These downloads are performed in the context of official API usage and are documented neutrally.
  • [COMMAND_EXECUTION]: Performs local file system operations by saving analysis reports to the clients/ subdirectory. This behavior is aligned with the skill's stated purpose of report generation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 09:59 PM