seo-audit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with external websites to retrieve SEO data. To mitigate the risk of Server-Side Request Forgery (SSRF), the scripts (
fetch-page.py,check-site.py, etc.) implement validation logic that resolves hostnames and explicitly blocks requests to private, loopback, or reserved IP addresses. - [COMMAND_EXECUTION]: The skill uses local Python scripts to automate data collection. These scripts are invoked with explicit arguments and follow a defined workflow. Additionally, the skill uses the system's
opencommand to facilitate the viewing of the generated audit report, which is a standard operational behavior for this use case. - [PROMPT_INJECTION]: The agent is tasked with performing semantic reviews of content fetched from untrusted external URLs (e.g., verifying if an H1 tag matches search intent). While this constitutes an inherent surface for indirect prompt injection, the skill reduces risk by using mechanical scripts for data extraction and providing the agent with strict formatting rules and limited interpretation scope.
Audit Metadata