seo-implement
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external target URLs and existing CMS meta tags during the validation and generation phases.
- Ingestion points: In SKILL.md, the process (Steps 2 and 3) captures snapshots of existing meta tags, schema markup, and page content from the target CMS and URLs.
- Boundary markers: None identified. The instructions do not define delimiters or provide specific directions to the agent to disregard potential instructions embedded within the retrieved HTML or SEO metadata.
- Capability inventory: The skill has the ability to write new SEO data, create redirects on CMS platforms, and execute a local logging script (
seo-executor.py). - Sanitization: While the skill validates SEO parameters (like character counts) and schema syntax, it lacks mechanisms to sanitize content for malicious prompt injection instructions designed to manipulate agent behavior.
- [COMMAND_EXECUTION]: The skill relies on a local script,
seo-executor.py, to record changes and manage rollback snapshots. Although this action is gated behind a user approval step, it represents the execution of an external script with access to local filesystem data.
Audit Metadata