seo-sxo
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts
scripts/fetch_page.pyandscripts/parse_html.pyto acquire and structure data from target URLs. - [EXTERNAL_DOWNLOADS]: The skill retrieves external data from Google search results and optionally uses DataForSEO APIs for keyword and SERP analysis.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from user-provided URLs and search engine snippets without specific boundary markers.
- Ingestion points: Target URL content and SERP result snippets.
- Boundary markers: Absent; the instructions do not include delimiters or specific warnings to ignore instructions embedded in the fetched HTML.
- Capability inventory: Subprocess execution of local scripts for network fetching and HTML parsing.
- Sanitization: Absent; the tool parses and processes raw external content for analysis and report generation.
Audit Metadata