seo-analysis

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module across multiple scripts, such as analyze_gsc.py, list_gsc_sites.py, and preflight.py, to interact with the gcloud CLI. These commands are necessary for retrieving authentication tokens, checking project configurations, and managing API status.
  • [EXTERNAL_DOWNLOADS]: The preflight.py script and gsc_setup.md documentation provide references and instructions for downloading the official Google Cloud SDK. While the code includes strings describing the curl | bash installation pattern for Linux, these are provided as user instructions in error messages and are not executed by the skill itself.
  • [DATA_EXFILTRATION]: The skill accesses local sensitive files, including .env and .env.local for API keys and application_default_credentials.json for Search Console access tokens. This information is used to communicate with authorized endpoints at googleapis.com and various CMS platforms. The skill implements SSRF protection in its CMS fetchers to validate hostnames and prevent unauthorized access to internal network addresses.
  • [PROMPT_INJECTION]: The skill features a 'Content Generation' phase where data retrieved from Google Search Console and CMS APIs is interpolated into prompts for specialized content agents. This creates a surface for indirect prompt injection, although the risk is mitigated as the data originates from sources under the user's control.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 06:14 PM