dataforseo-app-data-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt requires HTTP Basic auth and explicitly instructs building an Authorization header from base64(login:password) and lists login+password as inputs, meaning the agent may need to read and embed raw credentials in requests (high exfiltration risk), even though an env-var cURL example is shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the DataForSEO App Data API (e.g., app_reviews and app_listings endpoints for Google Play and Apple App Store) to fetch public, user-generated app reviews and listings which the agent is expected to read and summarize, exposing it to untrusted third-party content.