The Agent Skills Directory

[Data Exposure & Exfiltration] (LOW): The skill requires outbound network access to api.dataforseo.com and sandbox.dataforseo.com to function, which are external endpoints not included in the trusted domain list.
[Indirect Prompt Injection] (LOW): The skill ingests untrusted user data such as keywords and URLs for processing in API requests without providing sanitization instructions or boundary markers. 1. Ingestion points: SKILL.md (Target: keyword/domain/URL/query string). 2. Boundary markers: Absent. 3. Capability inventory: HTTP POST and GET requests via cURL or agent HTTP tools. 4. Sanitization: Absent.

dataforseo-merchant-api