seo-audit
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEDATA_EXFILTRATION
Full Analysis
- [DATA_EXPOSURE]: The skill accesses sensitive business data stored in the local filesystem to provide brand-aware auditing. Specifically, it reads from
~/.claude-marketing/brands/for brand profiles, compliance rules, and standard operating procedures (SOPs). While this is within the scope of a marketing automation tool, it represents access to local user data. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves crawling and analyzing content from external URLs provided by users. This creates an attack surface where a malicious website could include hidden instructions designed to influence the agent's behavior, override audit criteria, or manipulate the final report findings.
- Ingestion points: Technical, on-page, and content audits involve reading HTML and metadata from external web domains.
- Boundary markers: None specified in the instructions to separate external data from system instructions.
- Capability inventory: The skill reads local brand files and generates structured reports based on external data.
- Sanitization: No explicit sanitization or filtering of the ingested website content is mentioned.
Audit Metadata