seo-geo
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its website audit functionality.
  - Ingestion points: The `scripts/seo_audit.py` script fetches content (titles, meta descriptions, and H1 tags) from arbitrary URLs provided by the user.
  - Boundary markers: The output of the script is presented to the agent without explicit delimiters or instructions to ignore embedded commands within the fetched HTML content.
  - Capability inventory: The agent can execute local Python scripts, perform network requests, and search the web, which could be exploited if the agent follows instructions found on a malicious website being audited.
  - Sanitization: The script uses regular expressions to extract text from HTML tags, which provides some filtering but does not prevent semantic instructions within that text from being processed by the LLM.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to external services as part of its core functionality.
  - Well-known services: Scripts such as `scripts/dataforseo_api.py` and `scripts/keyword_research.py` fetch data from `api.dataforseo.com`. This is a well-known industry service for SEO data and is documented neutrally.
  - Audit requests: The `scripts/seo_audit.py` script performs GET requests to user-specified URLs to analyze their SEO meta tags.
- [CREDENTIALS_UNSAFE]: The skill handles API credentials safely.
  - Credential Management: The `scripts/credential.py` and `scripts/dataforseo_api.py` files retrieve API logins and passwords from the `DATAFORSEO_LOGIN` and `DATAFORSEO_PASSWORD` environment variables, which is the recommended practice for local agent skills.
Audit Metadata