Security risk report for @forgecat/zubair-trabzada_geo-seo-claude v0.1.2
Source Integrity
Low
Profile sourced from GitHub repository (https://github.com/zubair-trabzada/geo-seo-claude) with MIT license and clear attribution.
All dependencies are legitimate, well-known Python packages (requests, playwright, pandoc) and standard tools.
Static scanner confirms low risk; no supply-chain poisoning detected.
Agent Intent
Low
Content describes legitimate SEO/GEO analysis workflows with no instructions to manipulate the AI agent, ignore system prompts, or exfiltrate data.
Detailed technical instructions (e.g., Wikipedia API checks, robots.txt parsing, schema validation) are educational and operational—they guide the agent to perform its stated function (website auditing), not to subvert it.
No guidance poisoning: recommendations for Python packages, structured data standards, and platform APIs are all legitimate and security-neutral.
No system prompt leakage instructions: the agent is not instructed to reveal, dump, or transmit its instructions, tool definitions, or conversation memory.
Details
Findings
Invisible characters detected
skills/geo-compare/SKILL.md · SKILL-011
Evidence
README and skill descriptions focus on SEO/GEO analysis methodology.
Agent instructions (e.g., geo-ai-visibility.md, geo-content.md) contain detailed scoring rubrics and analysis steps—all aligned with the stated purpose of auditing websites for AI search optimization.
No paraphrased or obfuscated malicious directives detected.
Permissions
Low
Declared tools (Read, Bash, WebFetch, Write, Glob, Grep) are appropriate for a website auditing tool: fetching remote URLs, parsing HTML/text, writing reports.
No high-risk categories (file_delete, file_mutate, shell with arbitrary execution) are requested.
Bash usage is scoped to specific, documented tasks (Python script execution for Wikipedia API checks, fetch_page.py utility calls) rather than unrestricted shell access.
Tool authority matches the stated function: analyzing websites and generating reports.
Details
Evidence
allowed-tools in SKILL.md and agent files list: Read, Bash, WebFetch, Write, Glob, Grep—all medium-risk or lower.
Bash invocations in agent instructions are specific (e.g., 'python3 -c "import requests..."' for Wikipedia API) and not arbitrary.
No alwaysApply=true rules with glob='**' patterns detected.
MCP Risk
Low
No MCP servers are defined in the profile.
Profile relies on standard Claude Code tools (WebFetch, Bash, Write, etc.) rather than custom MCP integrations.
External dependencies (Python packages, pandoc, Chrome) are optional and well-known; no hidden binary execution or unrestricted network access.
Details
Evidence
MCP servers section is empty.
Dependencies listed in README are transparent: Python 3.8+, optional Playwright, optional pandoc/Chrome for PDF generation.
No arbitrary binary execution or unknown external hosts in tool definitions.