google-audit

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/lighthouse_run.py executes the lighthouse or npx lighthouse CLI tool using subprocess.run. While used for performance auditing, this executes an external binary with parameters derived from user-provided URLs.
  • [CREDENTIALS_UNSAFE]: The script scripts/google_auth.py manages sensitive Google API credentials, reading and writing to ~/.config/claude-seo/google-api.json and ~/.config/claude-seo/oauth-token.json. It also implements an OAuth flow that starts a local web server on port 8085 to capture authorization codes.
  • [EXTERNAL_DOWNLOADS]: The skill performs extensive network operations to fetch HTML, robots.txt, and sitemaps from arbitrary target domains provided by the user. Specifically, scripts/run_audit.sh uses curl to fetch llms.txt files from remote servers.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from the web to generate audit reports.
      • Ingestion points: scripts/fetch_page.py and scripts/crawl_site.py download HTML content from external target URLs.
      • Boundary markers: Absent. The skill does not use delimiters or warnings to isolate external content like titles, meta descriptions, or schema data from the agent's instructions.
      • Capability inventory: The agent can execute shell commands via scripts/lighthouse_run.py, make network requests via requests, and access local configuration files via scripts/google_auth.py.
      • Sanitization: The skill uses BeautifulSoup to parse HTML, but it does not perform sanitization or escaping on extracted text elements before rendering them into the final report for the agent's review.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 09:10 PM