seo-audit

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx --yes lighthouse to download and execute the Lighthouse auditing tool at runtime. Lighthouse is an industry-standard tool provided by Google for auditing web page quality.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands via the Lighthouse CLI (npx lighthouse URL ...) to generate performance and SEO reports. The URLs audited are provided by the user.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and processes untrusted content from external websites (meta tags, page headings, and structured data) which could contain adversarial instructions.
  • Ingestion points: Website HTML, meta tags, image alt text, and JSON-LD structured data fetched from user-provided URLs.
  • Boundary markers: None present; the instructions do not implement delimiters or warnings to ignore instructions embedded within the site content being analyzed.
  • Capability inventory: Performs network requests to fetch website data and executes local commands via the Lighthouse CLI.
  • Sanitization: No sanitization or filtering of external content is described before it is presented to the agent for assessment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:42 PM
Security Audit — agent-trust-hub — seo-audit