dataforseo-domain-analytics-api

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH · PROMPT_INJECTION · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and summarize untrusted data from external domains (tech stack details, HTML signals, and WHOIS records).
      • Ingestion points: https://api.dataforseo.com/v3/domain_analytics/ (technologies, whois endpoints).
      • Capability inventory: The agent is expected to 'enrich leads', 'summarize differences', and 'highlight patterns', which involves processing external content into reasoning and decision-making steps.
      • Boundary markers: None detected in the instructions to prevent the agent from obeying instructions embedded in the external API responses.
      • Sanitization: No mention of sanitization for the external data before it is passed to the LLM.
  • [COMMAND_EXECUTION] (LOW): The documentation provides curl examples. While these are for the user to understand the API, an agent executing these commands would be performing outbound network requests with user-provided credentials.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references several external documentation URLs. While these are from a legitimate provider (dataforseo.com), they represent an external dependency for the agent's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:43 AM