seo-schema
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites that could contain malicious instructions. If an attacker controls the content of a target URL, they could attempt to influence the agent's behavior during the synthesis and report-writing phase.
- Ingestion points: Untrusted HTML content and metadata are ingested from target URLs and competitor sites using the mcp__firecrawl-mcp__firecrawl_scrape tool.
- Boundary markers: There are no explicit instructions or delimiters used to isolate external content or warn the agent to ignore instructions embedded within the scraped data.
- Capability inventory: The skill possesses capabilities to write files to the local system (JSON-LD and markdown reports) and to perform network-based operations via the DATA_getSerpResults tool.
- Sanitization: The skill lacks evidence of sanitization or validation of the scraped HTML strings (such as page titles, headings, or FAQ text) before they are interpolated into prompt templates or final deliverables.
Audit Metadata