geo-technical
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
curlto fetch raw HTML, robots.txt, and HTTP headers from target domains to evaluate technical SEO factors such as Time to First Byte (TTFB) and server-side rendering status.\n- [PROMPT_INJECTION]: The skill processes untrusted data from external websites as part of its auditing process, which represents an indirect prompt injection surface.\n - Ingestion points: Raw HTML, robots.txt content, and XML sitemaps fetched from user-provided target URLs.\n
- Boundary markers: The instructions do not specify the use of delimiters to separate fetched content from the agent's logic.\n
- Capability inventory: The agent performs network requests and data analysis to generate a markdown audit report.\n
- Sanitization: No specific content filtering or sanitization steps are defined for the retrieved data.\n- [SAFE]: All detected behaviors, including network operations and external data ingestion, are necessary components of the skill's stated purpose as a technical SEO audit tool.
Audit Metadata