pagerangers-seo

Pass

Audited by Gen Agent Trust Hub on Jun 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No patterns were detected that attempt to bypass safety filters, override agent behavior, or extract system instructions.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials found. The skill correctly directs users to store API keys in a local hidden file (~/.env.pagerangers), which is a standard and secure practice for CLI tools.
  • [DATA_EXFILTRATION]: Access to local files is restricted to reading the skill's own configuration and credentials. Network activity is limited to the official PageRangers API domain (api.pagerangers.com) for the stated purpose of keyword analysis.
  • [REMOTE_CODE_EXECUTION]: The Python implementation uses the standard library and does not download or execute remote scripts or untrusted binary content.
  • [DYNAMIC_EXECUTION]: The codebase does not use eval(), exec(), or other dynamic code execution patterns on external data.
  • [COMMAND_EXECUTION]: Executable Python scripts are used to provide a CLI interface for the agent. The logic is transparent, well-tested, and limited to API interaction and data formatting.
  • [METADATA_POISONING]: Skill metadata accurately reflects the tool's purpose and functionality without deceptive content.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes external SEO data, it uses structured JSON parsing and does not interpolate untrusted content into sensitive execution contexts in a way that poses a high risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 8, 2026, 02:02 PM
Security Audit — agent-trust-hub — pagerangers-seo