seo-cluster

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from external sources, specifically Google "related searches" and "People Also Ask" questions retrieved via WebSearch. This data is used to formulate content architectures and is passed as context to a blog-writing skill.
      • Ingestion points: WebSearch results for keyword expansion and PAA question mining in SKILL.md (Step 1 & 2).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the instructions for handling external search data.
      • Capability inventory: The skill writes local data files (cluster-plan.json, cluster-map.html, cluster-briefs/) and triggers automated content creation through the claude-blog skill as described in references/execution-workflow.md.
      • Sanitization: The skill performs basic text normalization (deduplication and casing) but lacks robust sanitization or validation of the untrusted search content against potential prompt injection attacks.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/fetch_page.py and scripts/dataforseo_costs.py) to manage network requests and API cost validation. The fetch_page.py script is documented to include SSRF protection via URL validation.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve SERP data and webpage content using WebSearch and the DataForSEO API. These operations are core to its functionality for identifying SERP overlap and intent classification.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 02:37 AM
Security Audit — agent-trust-hub — seo-cluster