astro-seo
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages dependencies by installing npm packages including `@jdevalk/astro-seo-graph`, `@astrojs/sitemap`, and rendering libraries like `satori` and `sharp`. These are standard tools for Astro development or vendor-owned resources.
- [COMMAND_EXECUTION]: Uses `npm` for package installation and version checking. It also leverages `git` commands (via the `gitLastmod` utility) to determine file modification dates for sitemap generation.
- [DATA_EXFILTRATION]: Integrates with external SEO services such as IndexNow for search engine notification and `lycheeverse/lychee-action` for link validation in CI pipelines. These represent standard SEO and DevOps operations.
- [PROMPT_INJECTION]: As an auditing tool, the skill ingests user-provided project content from `src/content/` and configuration from `astro.config.mjs` to generate recommendations. This exposure to untrusted data constitutes a surface for indirect prompt injection. While explicit boundary markers are not documented, the skill utilizes Zod schemas for sanitization and operates within the restricted context of developer tooling.