seo-drift
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts from the `scripts/` directory to interface with Google APIs and PageSpeed Insights. It passes the target domain or URL as a command-line argument to these utilities.
  - Evidence: Execution of `python3 scripts/pagespeed_check.py "{target}" --crux-only --json` and similar patterns for CrUX history and GSC inspection.
- [DATA_EXFILTRATION]: While the skill fetches data from external URLs, it incorporates a robust validation mechanism to prevent Server-Side Request Forgery (SSRF) attacks. It verifies that target URLs do not point to restricted environments such as local loopbacks, private IP ranges, or cloud metadata services.
  - Evidence: Mandatory pre-fetch validation using `scripts.google_auth.validate_url` to filter out addresses like 127.0.0.1, 10/8, and Google metadata endpoints.
- [SAFE]: The skill's behavior is consistent with its stated SEO monitoring purpose. No evidence of obfuscation, unauthorized persistence, or credential harvesting was found. Local state and configuration are managed via standard JSON files within the skill's environment.
Audit Metadata