dataforseo-app-data-api
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt requires HTTP Basic auth and explicitly instructs building an Authorization header from base64(login:password) and lists login+password as inputs, meaning the agent may need to read and embed raw credentials in requests (high exfiltration risk), even though an env-var cURL example is shown.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and ingests app store content (e.g., via the Google/Apple app_reviews and app_listings endpoints referenced in the docs such as https://docs.dataforseo.com/v3/app_data/google/app_reviews/task_post/), which are untrusted, user-generated third-party sources that the agent is expected to read and summarize.