seo-audit

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the requests library and fetches data from the Google PageSpeed Insights API, which is a well-known and trusted service.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts to analyze page data and uses the open command to display the generated HTML report to the user.
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch content from user-provided URLs and Google APIs. It mitigates SSRF risks by including validation logic in scripts/fetch-page.py and scripts/check-site.py that blocks requests to private, loopback, or reserved IP addresses.
  • [PROMPT_INJECTION]: The skill processes untrusted HTML data from external URLs, creating a surface for indirect prompt injection.
      ◦ Ingestion points: Content is fetched via fetch-page.py and processed by check-page.py and check-schema.py.
      ◦ Boundary markers: None explicitly defined in the instructions for LLM judgment calls.
      ◦ Capability inventory: The agent can execute local scripts and the system open command.
      ◦ Sanitization: The risk is reduced because the skill uses specific Python scripts to extract individual data elements (like H1 text or Meta descriptions) rather than passing the entire raw HTML body into a prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 03:15 AM