seo-images
Warn
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script
python3 scripts/pagespeed_check.pyand refers tobash extensions/firecrawl/install.sh. Since these scripts are not included in the provided skill files, their behavior cannot be audited or verified for safety. - [COMMAND_EXECUTION]: The skill logic involves interpolating user-provided URLs into shell commands (e.g.,
python3 scripts/pagespeed_check.py "{url}"). If the agent fails to sanitize these inputs, it could lead to command injection vulnerabilities. - [CREDENTIALS_UNSAFE]: The skill explicitly reads configuration and API keys from
~/.config/seo-skills/google-api.json. Accessing sensitive files within the user's home directory is a high-risk operation. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it scrapes and processes raw HTML and JSON-LD from external websites.
- Ingestion points: HTML attributes (alt, srcset) and JSON-LD blocks scraped via Firecrawl.
- Boundary markers: None. There are no instructions to the agent to treat scraped content as untrusted or to ignore embedded instructions.
- Capability inventory: Subprocess execution (python3) and file writing (generating audit reports).
- Sanitization: No sanitization of scraped text is documented before it is synthesized into final reports or suggested remediation snippets.
Audit Metadata