serp-tracker
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from search results, creating a potential surface for indirect prompt injection attacks.\n
- Ingestion points: The skill retrieves and processes snippets, 'People Also Ask' questions, and 'AI Overview' summaries via Moz and Google Search Console MCPs in Process step 2.\n
- Boundary markers: There are no explicit delimiters or boundary markers specified to separate the external search content from the agent's core instructions.\n
- Capability inventory: The skill has permission to read and write to local marketing data directories (~/.claude-marketing/) as described in Process steps 1 and 3.\n
- Sanitization: No sanitization of the retrieved external SERP content is mentioned before it is processed by the seo-specialist agent.\n- [DATA_EXPOSURE]: The skill accesses local application-specific files that contain brand profile and keyword information.\n
- Access points: Reads brand configuration data (
profile.json) and keyword lists (keywords.json) from directories under~/.claude-marketing/brands/.\n - Context: While this access is necessary for the skill's stated purpose, it involves reading sensitive business-related files from the local filesystem.
Audit Metadata