dataforseo-backlinks-api
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill processes untrusted external data (backlink profiles, anchor text) from api.dataforseo.com (SKILL.md). Evidence: 1. Ingestion point: API response data; 2. Boundary markers: Absent; 3. Capability inventory: HTTP network requests; 4. Sanitization: Absent. The severity is low as the skill's scope is limited to data retrieval and summarization.
- [DATA_EXFILTRATION] (LOW): Outbound network access to a non-whitelisted domain. The skill requires access to api.dataforseo.com and docs.dataforseo.com. While these are legitimate service endpoints, they facilitate data transfer to external servers. Credentials are handled via environment variables, which is a standard practice.
Audit Metadata