semrush-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill ingests data from an external API, creating a surface for indirect prompt injection. 1. Ingestion points: api.semrush.com CSV responses (SKILL.md). 2. Boundary markers: None present to separate API data from agent instructions. 3. Capability inventory: Includes curl, awk, and printf for data processing. 4. Sanitization: No explicit sanitization or escaping of the semicolon-delimited CSV data is performed before parsing.
- [COMMAND_EXECUTION] (LOW): The skill generates shell commands by interpolating user-provided domains and keywords into curl templates. While this is the intended function, it introduces a potential command injection surface if the inputs are not properly sanitized by the executing agent.
Audit Metadata