seo
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is vulnerable to indirect prompt injection because it fetches and processes untrusted data from the web (via WebFetch and WebSearch) to perform SEO audits.
  - Ingestion points: External website content, robots.txt files, and search results are read into the agent context in several agents including ai-presence-agent.md, crawl-agent.md, and foundations-agent.md.
  - Boundary markers: The provided agent instructions do not define clear delimiters (such as XML tags) or 'ignore embedded instructions' warnings to prevent the agent from being influenced by natural language instructions found on the audited websites.
  - Capability inventory: The skill has access to powerful tools like Bash, Read, Grep, and Glob. While the skill's own code is benign, an attacker could potentially hijack the agent's flow by placing malicious prompts on a page being audited.
  - Sanitization: There is no mention of sanitizing, escaping, or filtering external content before it is interpolated into the prompts for the sub-agents.