seo-content-audit
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `scripts/ga4_report.py` to retrieve organic traffic data from Google Analytics 4. This is a functional component of the skill for authenticated users with high-tier access.
- [EXTERNAL_DOWNLOADS]: The process involves fetching content from external, user-provided URLs using `WebFetch` and `mcp__firecrawl-mcp__firecrawl_scrape`. While necessary for the skill's primary purpose of auditing content, it involves interaction with untrusted remote data.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests and processes untrusted data from the internet (Step 1: Fetch content). This data is subsequently evaluated by the AI model against various rubrics, which could allow a malicious webpage to attempt to influence the agent's behavior or audit results.
  - Ingestion points: Step 1 uses `WebFetch` and `Firecrawl` to pull markdown and HTML from user-provided URLs.
  - Boundary markers: The instructions do not explicitly specify delimiters or "ignore embedded instructions" warnings when processing the fetched content.
  - Capability inventory: The skill has command execution capabilities (`python3 scripts/ga4_report.py`) and utilizes multiple data-retrieval tools.
  - Sanitization: There is no mention of sanitization or filtering of the fetched web content before analysis.
Audit Metadata