seo-sitemap

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches public sitemap.xml and robots.txt files from remote domains provided by the user to perform SEO analysis. This functionality is essential to the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external websites, which represents a surface for indirect prompt injection.
      • Ingestion points: The WebFetch tool retrieves remote XML and text content from the internet during sitemap discovery (SKILL.md).
      • Boundary markers: The instructions do not specify the use of delimiters or boundary markers when interpolating fetched sitemap data into reports.
      • Capability inventory: The skill has the capability to write findings to the local filesystem (reports and diff files) and execute commands via the SE Ranking and Firecrawl MCP servers.
      • Sanitization: While URL encoding for XML safety is mentioned, no explicit sanitization of the broader remote content is described before it is synthesized into reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 07:04 AM