seo-images
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by fetching and analyzing untrusted content from external URLs. An attacker could embed malicious instructions in SEO elements like alt text or meta descriptions to manipulate the agent's output or actions.
  - Ingestion points: External HTML content is retrieved in scripts/fetch_page.py and processed in scripts/parse_html.py.
  - Boundary markers: Absent. The agent is not instructed to treat the extracted data as untrusted.
  - Capability inventory: The skill can execute local scripts (scripts/fetch_page.py, scripts/parse_html.py), write files (page.html, seo-data.json), and perform network requests.
  - Sanitization: Absent. The parsing script extracts raw text from HTML elements without filtering for potential instructions.
- [COMMAND_EXECUTION]: The skill executes local Python scripts using shell commands to perform page fetching and HTML parsing.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to arbitrary user-provided URLs to retrieve content for analysis.
Audit Metadata