seo-audit-full

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
[DATA_EXFILTRATION] [COMMAND_EXECUTION] [PROMPT_INJECTION] [CREDENTIALS_UNSAFE]

Full Analysis
  • [DATA_EXFILTRATION]: The skill fetches content from external URLs to perform SEO analysis. The included script scripts/check-social.py incorporates SSRF (Server-Side Request Forgery) protection by resolving the target hostname and validating that the IP address is not private, loopback, or reserved before making the request.
  • [COMMAND_EXECUTION]: The skill generates local HTML reports and suggests using the open command to display them to the user. This is expected behavior for a tool whose primary purpose is generating and reviewing technical reports.
  • [PROMPT_INJECTION]: The skill ingests untrusted HTML content from external sources for metadata auditing. This presents a surface for indirect prompt injection, as malicious text within meta tags could attempt to influence the LLM's semantic review. However, the risk is managed by the skill's structured JSON-to-HTML reporting workflow.
  • [CREDENTIALS_UNSAFE]: The skill references the potential use of Google Search Console (GSC) API credentials. It follows security best practices by instructing users to manage these via environment variables rather than hardcoding them.

Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 06:15 AM