The Agent Skills Directory

[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it crawls untrusted external content from a user-provided URL and processes it using multiple subagents and scripts.
Ingestion points: The skill fetches HTML from a user-provided [url] in scripts/fetch_page.py and performs a deep crawl of up to 500 pages.
Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions embedded within the crawled HTML content (e.g., hidden tags or metadata).
Capability inventory: The skill possesses significant capabilities, including executing local Python scripts (scripts/google_auth.py, scripts/drift_history.py, etc.), writing report files to disk, and capturing screenshots.
Sanitization: The skill does not mention any sanitization or filtering of the content retrieved from external websites before passing it to subagents like seo-content or seo-sxo.
[COMMAND_EXECUTION]: The skill executes shell commands that incorporate user-provided input. Specifically, the instruction python scripts/drift_history.py <url> passes the raw URL argument directly to a Python script execution, which could lead to command injection if the environment does not properly sanitize the URL string.

seo-audit-full