seo-hreflang

Fail

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: In Step 6, the skill instructs the agent to execute a shell command: python3 scripts/gsc_query.py --property "{property}" --json. The {property} value is populated with domain names extracted from the href attributes of hreflang tags found on the website being audited. Since this data is sourced from an untrusted external site, a malicious actor could include shell metacharacters (e.g., ;, &&, |) in the URL to perform arbitrary command execution on the host machine.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. It ingests untrusted data from the web (HTML tags via Firecrawl/WebFetch and XML sitemaps) in Steps 4 and 5. This data is then used to determine the behavior of the agent in subsequent steps, including the construction of command-line arguments and report synthesis, without any described sanitization or boundary markers to separate untrusted data from instruction logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 17, 2026, 07:04 AM