ahrefs-python
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the
ahrefs-pythonlibrary from the official Ahrefs GitHub repository during installation. - [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from processed data.
- Ingestion points: External data from Ahrefs API endpoints (Site Explorer, Keywords Explorer, etc.) is retrieved and processed by the agent in
SKILL.md. - Boundary markers: The skill does not provide delimiters or instructions to the agent to disregard potential instructions embedded within the SEO data.
- Capability inventory: The skill has network capabilities for API communication. No file system writes or command executions were identified in the provided scripts.
- Sanitization: There is no evidence of sanitization or filtering of the content returned by the API before it is passed to the agent context.
Audit Metadata