The Agent Skills Directory

Prompt Injection (MEDIUM): The 'Examples (User Prompts)' section includes instructions for the agent to install the skill itself ('install dataforseo-keywords-data-api and then continue'). This pattern can be used to trick an agent into executing installation actions without explicit, out-of-band user consent.
Metadata Poisoning (MEDIUM): The skill's metadata claims it was 'generated_with: OpenAI GPT-5.2', which is a non-existent model version. Such misleading metadata can be used to create a false sense of trust or capability.
Data Exfiltration (LOW): The skill requires outbound network access to 'api.dataforseo.com', which is not a trusted domain. While this is the legitimate API for the service, it presents a potential channel for sensitive data exfiltration.
Indirect Prompt Injection (LOW): The skill ingests external data from the DataForSEO API and documentation sites without defined sanitization or boundary markers. 1. Ingestion points: api.dataforseo.com and docs.dataforseo.com. 2. Boundary markers: Absent. 3. Capability inventory: HTTP requests via curl. 4. Sanitization: Absent.
Credentials Unsafe (INFO): The skill asks for a login and password for authentication. Providing sensitive credentials directly to an agent as input is a security risk compared to using secure credential management systems.

dataforseo-keywords-data-api