dataforseo-business-data-api

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt instructs building an Authorization header using HTTP Basic (base64(login:password)) and lists API login+password as required inputs, which can require the model to embed user secrets verbatim into requests/commands (high exfiltration risk), even though an env-var example is provided.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and read public, user-generated content (e.g., Google reviews and Q&A via https://api.dataforseo.com/v3/business_data/google/reviews/task_post and Google/questions_and_answers/live, Trustpilot and Tripadvisor overviews) and to summarize/include raw responses, exposing it to untrusted third-party content that could contain indirect prompt injection.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:24 PM