seo-audit
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it ingests and processes untrusted HTML from audited sites and includes snippets in reports.
  - Ingestion points: src/auditor.ts and src/crawler/fetcher.ts fetch content from user-provided URLs.
  - Boundary markers: XML tags are used in the LLM-optimized report (src/reporters/llm-reporter.ts), but no explicit warnings or delimiters are provided to the agent to disregard instructions within the audited data.
  - Capability inventory: The skill is allowed to execute bash commands (seomator CLI) and uses Playwright for browser-based auditing.
  - Sanitization: Content is escaped for XML output, but no specific filtering for prompt injection payloads is performed on the ingested content.
- [REMOTE_CODE_EXECUTION]: The tool executes untrusted JavaScript from external websites using a headless browser (Playwright) to analyze rendered content.
  - Evidence: src/crawler/playwright-fetcher.ts uses page.goto to load and execute scripts from target URLs.
- [EXTERNAL_DOWNLOADS]: The skill connects to and fetches data from arbitrary external URLs as part of its primary auditing and crawling functionality.
  - Evidence: src/crawler/fetcher.ts and src/auditor.ts perform network requests to target websites provided during the audit.