pagerangers-seo
Pass
Audited by Gen Agent Trust Hub on Jun 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No patterns were detected that attempt to bypass safety filters, override agent behavior, or extract system instructions.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials found. The skill correctly directs users to store API keys in a local hidden file (
~/.env.pagerangers), which is a standard and secure practice for CLI tools. - [DATA_EXFILTRATION]: Access to local files is restricted to reading the skill's own configuration and credentials. Network activity is limited to the official PageRangers API domain (
api.pagerangers.com) for the stated purpose of keyword analysis. - [REMOTE_CODE_EXECUTION]: The Python implementation uses the standard library and does not download or execute remote scripts or untrusted binary content.
- [DYNAMIC_EXECUTION]: The codebase does not use
eval(),exec(), or other dynamic code execution patterns on external data. - [COMMAND_EXECUTION]: Executable Python scripts are used to provide a CLI interface for the agent. The logic is transparent, well-tested, and limited to API interaction and data formatting.
- [METADATA_POISONING]: Skill metadata accurately reflects the tool's purpose and functionality without deceptive content.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes external SEO data, it uses structured JSON parsing and does not interpolate untrusted content into sensitive execution contexts in a way that poses a high risk.
Audit Metadata