domain-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill performs network requests using
curlto external domainsmcp.domaindetails.com,api.domaindetails.com, andapi.semrush.comwhich are not on the trusted sources list. These requests transmit user-provided domain names to third-party services. - [EXTERNAL_DOWNLOADS] (LOW): The skill downloads and processes data from external APIs. While it uses
jqfor parsing rather than executing the content as code, it relies on the availability and integrity of these non-whitelisted remote endpoints. - [CREDENTIALS_UNSAFE] (INFO): The skill utilizes
${SEMRUSH_API_KEY}within a URL query string. While this is an environment variable placeholder and not a hardcoded secret, passing API keys in URLs is a suboptimal security practice as they can be captured in server logs or proxy history. - [PROMPT_INJECTION] (LOW): Detected an Indirect Prompt Injection surface (Category 8).
- Ingestion points: Data retrieved from
domaindetails.com,api.semrush.com, andarchive.orgis ingested into the agent context. - Boundary markers: Absent. The output from
curlcommands is processed viajqand formatted into markdown without explicit delimiters or instructions for the agent to ignore embedded commands in the fetched data. - Capability inventory: The skill has network access (
curl) and JSON processing capabilities (jq). It does not appear to have file-write or arbitrary code execution capabilities. - Sanitization: No evidence of sanitization or validation of the content returned from external APIs before it is presented to the agent.
Audit Metadata