Ahrefs Automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill presents a high risk of indirect prompt injection because it processes data from the Ahrefs API, such as anchor text and keyword ranking data, which are controlled by external parties. In a high-privilege environment like Claude Code, which has terminal and file system access, malicious content in these strings could influence the agent to execute dangerous commands.\n
- Ingestion points: External data enters through tools like
AHREFS_FETCH_ALL_BACKLINKS,AHREFS_RETRIEVE_ORGANIC_KEYWORDS, andAHREFS_BATCH_URL_ANALYSIS.\n - Boundary markers: No delimiters or instructions are provided to the agent to ignore embedded instructions in the fetched data.\n
- Capability inventory: While the skill's tools are read-only SEO metrics, the intended runtime environment (Claude Code) has full terminal and file access.\n
- Sanitization: There is no evidence of data sanitization or validation of the retrieved SEO metrics.\n- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the configuration of an external MCP server at
https://rube.app/mcp. This is a third-party dependency provided by Composio, which is not included in the predefined list of trusted organizations or repositories.\n- CREDENTIALS_UNSAFE (SAFE): No hardcoded API keys or secrets were found. Authentication is handled dynamically through the Composio integration.
Recommendations
- AI detected serious security threats
Audit Metadata