dataforseo-serp-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires constructing HTTP Basic auth (Authorization: Basic base64(login:password)) and shows curl usage that embeds login/password, which forces the agent/LLM to include raw credential values in generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls the DataForSEO SERP API (e.g., https://api.dataforseo.com/ and listed endpoints in the Docs Map) to fetch/search engine results and raw SERP payloads from the open web, which the agent is expected to read and summarize—clearly ingesting untrusted third-party content.