seo (Agentic-SEO-Skill) — agentic threat model

AIVSS 5.9 · Medium

The Agentic-SEO-Skill operates as a deterministic, evidence-backed auditing tool with low overall agentic risk, though its ability to execute bundled scripts and read local repository files introduces localized code execution and data exposure risks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 5.3 · AARS uplift 1.27 · Factor sum 2.7/10 · Threat ×1.0 · Mitigation ×0.9

Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.20
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Designed as an LLM-first skill compatible with Antigravity, Codex, and Claude. It is susceptible to prompt injection via the untrusted web content and GitHub repository files it reads during audits, which could reprogram the model's evaluation logic.

L2 · Data Operations · ✓ mapped

Reads external websites, blog posts, and GitHub repository files to gather evidence. Threat of data poisoning or indirect prompt injection from malicious target sites designed to exfiltrate data or skew SEO audit results.

L3 · Agent Frameworks · ✓ mapped

Executes bundled scripts to gather evidence before scoring. If the orchestration framework does not strictly sanitize the inputs or parameters passed to these scripts, it could lead to local command injection or tool misuse.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The hosting environment and sandboxing of the script execution engine are unspecified. If run locally or in an unsandboxed container, executing scripts to read repo files poses a host compromise risk.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No explicit logging, guardrails, or drift detection mechanisms are mentioned for the audit outputs, though the tool claims to be deterministic and evidence-backed.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The skill is open source and free. There are no mentioned compliance certifications (e.g., SOC2) or built-in access control policies governing which repositories or internal websites it is authorized to scan.

L7 · Agent Ecosystem · ✓ mapped

Designed as a 'skill' for larger platforms (Antigravity, Codex, Claude). If integrated into a multi-agent workflow, a compromise of this skill could be used to feed manipulated SEO/E-E-A-T data to downstream decision-making agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).