The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local script python3 scripts/google_auth.py --check --json to verify the availability of Google API credentials. This is a legitimate configuration check used to determine which data sources are available for enrichment.
[PROMPT_INJECTION]: The skill processes content from local audit reports such as TECH-AUDIT.md and VERDICT.md generated by other specialist skills. This represents a surface for indirect prompt injection where malicious instructions could theoretically be embedded in the website data being audited, though this is a standard risk for SEO tools and the data is treated as structured input for synthesis.
[EXTERNAL_DOWNLOADS]: The skill includes instructional pointers suggesting the user can run bash extensions/google/install.sh to configure credentials. This is a user-initiated setup step and not an automated download or execution by the skill itself.
[SAFE]: All tool calls (SE Ranking, Firecrawl) and script references (google_auth.py) are consistent with the vendor's ecosystem and the skill's stated purpose of providing an SEO strategy synthesis.

seo-plan