image-seo-audit
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted content from external URLs provided by the user to perform image audits. This creates a surface for indirect prompt injection, where malicious instructions could be hidden in HTML tags (e.g., alt text or title attributes) to influence the agent's output or subsequent actions.
  - Ingestion points: Fetches and processes HTML elements (img, picture, source) from the target URL specified in the input.
  - Boundary markers: The skill does not define boundary markers or explicit instructions for the agent to ignore potentially malicious text within the analyzed attributes.
  - Capability inventory: Uses a Python script (tech-seo-auditor.py) to fetch and parse page content; no sensitive file access or outbound network operations beyond the initial fetch are documented.
  - Sanitization: There is no mention of sanitizing the ingested HTML content or validating the text extracted from image attributes before processing.
Audit Metadata