seo-audit
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill inherently ingests untrusted HTML content (titles, meta tags, and body text) from arbitrary user-supplied URLs during the audit process (src/crawler/fetcher.ts). This attack surface is mitigated by a sophisticated security envelope in the LLM-optimized reporter (src/reporters/llm-reporter.ts) which uses per-report 128-bit nonces, stamped delimiters (<untrusted-{nonce}>), and rigorous character stripping to ensure external content is treated as data rather than instructions.\n- [OBFUSCATION]: Heuristic detections flagged the use of hidden Unicode characters (zero-width spaces and Unicode tags) in src/reporters/llm-reporter.test.ts. Analysis confirms these are benign test fixtures used to verify the tool's sanitization logic, which is specifically designed to strip such characters to prevent steganographic prompt injection attacks.
Audit Metadata