seo-optimization
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests and processes content from external URLs provided by the user, which creates a surface for indirect prompt injection attacks.
  - Ingestion points: Target URLs are processed using the `WebFetch` tool to conduct SEO audits as described in `SKILL.md` and defined in `schemas/input.schema.json`.
  - Boundary markers: The instructions lack specific guidance for the agent to use delimiters or ignore instructions embedded within the fetched web content.
  - Capability inventory: The skill possesses capabilities to write to the file system, execute shell commands, and perform further network operations (`Write`, `Edit`, `Bash`, `WebFetch`, `WebSearch`).
  - Sanitization: No sanitization or validation protocols are defined for handling external data before it is integrated into the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to execute the Google-developed Lighthouse auditing tool, which may trigger a package download during execution.
  - Evidence: `SKILL.md` provides example commands using `npx lighthouse` to analyze website performance and SEO metrics.
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform technical diagnostics on target domains.
  - Evidence: `SKILL.md` includes instructions for executing `curl` to retrieve `robots.txt` and `sitemap.xml` files, as well as running the Lighthouse CLI tool for site audits.
Audit Metadata