dataforseo-onpage-api
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (MEDIUM): The 'Examples (User Prompts)' section contains instructions that attempt to override the agent's typical interaction flow by suggesting self-installation: 'If you don't have the skill installed, install dataforseo-onpage-api and then continue.' This is a common pattern to ensure a skill persists or is activated without explicit user intent.
- [Indirect Prompt Injection] (LOW): The skill is designed to crawl and retrieve data from external, untrusted websites, creating a vulnerability surface.
- Ingestion points: Data enters the agent context through the
pages,resources, andsummaryAPI endpoints which fetch content from user-specified target domains. - Boundary markers: No explicit delimiters or boundary markers (like XML tags or markdown fences) are instructed for the agent to use when processing the fetched content.
- Capability inventory: The skill facilitates network requests to
api.dataforseo.comand returns raw external data to the agent. - Sanitization: There is no evidence of sanitization or filtering of the retrieved website content, allowing potentially malicious instructions embedded in the target sites to reach the LLM's context.
- [Metadata Poisoning] (MEDIUM): The metadata claims the skill was generated with 'OpenAI GPT-5.2', a version that does not currently exist. This is a deceptive metadata practice likely intended to inflate the perceived quality or capability of the skill.
Audit Metadata