seo-page
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts and shell commands to parse URLs and query Google Search Console data (e.g., analyze_gsc.py, url_inspection.py). These operations are necessary for the skill's primary function of SEO auditing.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted third-party HTML content during its analysis phase.
  - Ingestion points: Phase 1a and Phase 5 use WebFetch to download HTML from user-provided target URLs and competitor pages (SKILL.md).
  - Boundary markers: The skill does not employ explicit delimiters or system instructions to the agent to disregard potential instructions embedded in the external content.
  - Capability inventory: The skill has access to bash, python3, WebFetch, and WebSearch tools (SKILL.md).
  - Sanitization: There is no evidence of HTML sanitization or filtering before the content is processed for SEO scoring.
- [DATA_EXFILTRATION]: The skill reads business context from a local JSON file located at $HOME/.toprank/business-context/$DOMAIN.json. This is an application-specific configuration path and does not represent access to sensitive system credentials or private user data.
Audit Metadata