geo
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from untrusted external websites provided by the user.\n
- Ingestion points: scripts/fetch_page.py, scripts/citability_scorer.py, and scripts/llmstxt_generator.py use the requests library to fetch HTML content from external URLs.\n
- Boundary markers: The analysis logic lacks explicit delimiters or instructions to the agent to disregard potential commands embedded in the fetched HTML content.\n
- Capability inventory: The skill has the ability to write files (GEO-AUDIT-REPORT.md, GEO-REPORT.pdf), execute local scripts via Bash, and fetch further web content.\n
- Sanitization: Content is parsed for structure but not sanitized to remove or escape potential natural language instructions.\n- [COMMAND_EXECUTION]: The orchestration logic in SKILL.md and the PDF generation process involve executing local Python scripts within the agent's environment.\n
- Evidence: SKILL.md references the execution of scripts/generate_pdf_report.py to compile audit data.
Audit Metadata