sitemap-manager
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill fetches and parses external XML sitemaps and robots.txt files from user-provided URLs (SKILL.md, Mode 1).
- Boundary markers: Absent; the instructions do not provide delimiters or specific guidance for the agent to ignore malicious instructions that might be embedded within XML tags or comments in the fetched files.
- Capability inventory: The skill has the capability to perform network requests (sampling 20-50 URLs for health checks) and executes a script for auditing.
- Sanitization: Absent; there is no mention of XML schema validation or filtering of content ingested from the sitemaps.
- [EXTERNAL_DOWNLOADS]: The skill downloads content from arbitrary URLs provided at runtime. It is instructed to sample and visit 20-50 URLs discovered within those sitemaps to check HTTP status codes. This behavior could be exploited to perform Server-Side Request Forgery (SSRF) if the sitemap contains internal network addresses (e.g., localhost or cloud metadata services).
- [REMOTE_CODE_EXECUTION]: The skill identifies 'tech-seo-auditor.py' as a script used for URL health checking. However, the source code for this script is not provided in the skill package, making its logic and security unverifiable.
Audit Metadata