seo-audit

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill inherently ingests untrusted HTML content (titles, meta tags, and body text) from arbitrary user-supplied URLs during the audit process (src/crawler/fetcher.ts). This attack surface is mitigated by a sophisticated security envelope in the LLM-optimized reporter (src/reporters/llm-reporter.ts) which uses per-report 128-bit nonces, stamped delimiters (<untrusted-{nonce}>), and rigorous character stripping to ensure external content is treated as data rather than instructions.\n- [OBFUSCATION]: Heuristic detections flagged the use of hidden Unicode characters (zero-width spaces and Unicode tags) in src/reporters/llm-reporter.test.ts. Analysis confirms these are benign test fixtures used to verify the tool's sanitization logic, which is specifically designed to strip such characters to prevent steganographic prompt injection attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 10:42 AM
Security Audit — agent-trust-hub — seo-audit