Skills
skills/openclaudia/openclaudia-skills/ahrefs-research/Gen Agent Trust Hub

ahrefs-research

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the ahrefs-python SDK directly from the official Ahrefs GitHub repository (https://github.com/ahrefs/ahrefs-python.git). This is an expected installation of an official tool from a well-known service provider.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes untrusted data retrieved from the Ahrefs API.
  • Ingestion points: Untrusted data enters the agent context via site exploration and keyword research methods such as site_explorer_organic_keywords and keywords_explorer_overview (documented in SKILL.md).
  • Boundary markers: The instructions do not implement or recommend the use of delimiters or specific instructions to ignore embedded commands in the fetched SEO data.
  • Capability inventory: The skill provides comprehensive methods for data retrieval across multiple SEO domains.
  • Sanitization: There is no evidence of content sanitization or validation of the strings returned from the external API endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 01:09 AM