sales-semrush

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is primarily instructional, providing detailed workflows for the Semrush SEO platform, including keyword research, site audits, and competitive analysis. It refers to the official Semrush API and uses standard placeholders for authentication keys without accessing or exfiltrating sensitive local data.
  • [EXTERNAL_DOWNLOADS]: The skill suggests the installation of related third-party extensions via the npx skills add command. These are presented as optional, informative resources and point to public GitHub repositories for specialized SEO tasks.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading from references/learnings.md at the start of each session. 1. Ingestion points: references/learnings.md (read on startup). 2. Boundary markers: None. 3. Capability inventory: No executable scripts or high-privilege capabilities are defined within the skill. 4. Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-semrush