Skills
skills/leonardo-picciani/agent-skills/dataforseo-app-data-api/Gen Agent Trust Hub

dataforseo-app-data-api

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and summarize untrusted user-generated content (app reviews) from external app stores.
  • Ingestion points: Data retrieved from api.dataforseo.com app review endpoints.
  • Boundary markers: Absent. There are no instructions for using delimiters to separate external data from the agent's instructions.
  • Capability inventory: The skill encourages the agent to perform reasoning and summarization on untrusted data, which could lead to obedience of embedded instructions.
  • Sanitization: Absent. No mechanisms for filtering or escaping malicious content in the reviews are mentioned.
  • Data Exfiltration (LOW): The skill initiates outbound network communication to api.dataforseo.com, which is a non-whitelisted third-party domain.
  • Command Execution (LOW): The skill provides templates for executing curl commands to interact with the API service.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 06:13 AM