The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Upon loading, the skill automatically triggers the global installation of the @seomator/seo-audit package and the download of the Chromium browser (~200MB) from external sources.
[COMMAND_EXECUTION]: The skill instructs the agent to run setup commands (npm install, playwright install) automatically before user interaction. It also suggests using sudo for installation and modifying file attributes with xattr in its troubleshooting guide.
[REMOTE_CODE_EXECUTION]: Executes third-party CLI tools and binaries downloaded at runtime. It also recommends disabling SSL certificate verification (NODE_TLS_REJECT_UNAUTHORIZED=0), which is a dangerous practice allowing for potential traffic interception.
[PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The skill ingests data from untrusted external URLs and formats it specifically for LLM consumption (--format llm). Malicious actors could place instructions on audited websites to compromise the agent's logic.
[PROMPT_INJECTION]: Evidence Chain: (1) Ingestion point: seomator audit <url> command in SKILL.md. (2) Boundary markers: None present in the instructions. (3) Capability inventory: File system access, network access, and dependency installation. (4) Sanitization: No evidence of input validation.

seo-audit