The Agent Skills Directory

[SAFE]: No evidence of prompt injection, data exfiltration, or persistence mechanisms was found. The skill operates within its defined scope of performing SEO audits and strategy generation.
[SAFE]: The skill uses standard tools (WebSearch, WebFetch, Bash) for legitimate SEO analysis purposes. No dangerous shell commands or privilege escalation attempts were detected.
[SAFE]: No obfuscation techniques, such as Base64-encoded strings, zero-width characters, or homoglyphs, were detected in the skill instructions or the extensive reference library.
[INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted HTML content from external websites during the SEO audit phase. However, this is inherent to its primary function and is considered low risk given the current instruction set.
Ingestion points: SKILL.md (Phase 3: Analyze) utilizes WebFetch on user-provided site URLs to inspect HTML elements like meta tags and heading hierarchies.
Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions found within the fetched HTML.
Capability inventory: Includes Bash, WebFetch, WebSearch, and Read across all scripts.
Sanitization: Absent; the skill processes raw HTML content directly to identify technical SEO attributes.

website-seo