seo-report

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local shell and Python scripts located at ~/.claude/skills/seo/scripts/preflight.sh and ~/.claude/skills/seo/scripts/keyword_research.py to manage authentication and verify API access. Although these are local to the skill's directory, running them executes external code that is not contained within the main instruction file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from an external source.
      • Ingestion points: Reads audit data from ~/.claude/skills/seo/output/<domain>-audit.json, which originates from the DataForSEO API.
      • Boundary markers: None identified; the agent is instructed to directly incorporate values such as audit.executive_summary and the issues table into the final report.
      • Capability inventory: The agent has Read and Write permissions, as well as the ability to execute shell scripts.
      • Sanitization: There are no instructions for sanitizing or escaping the content retrieved from the JSON file before formatting it into the markdown report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 23, 2026, 09:45 AM