seo-dataforseo
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing Python dependencies via 'pip install -r scripts/requirements.txt'. While this is standard for script execution, it involves downloading packages from the public PyPI registry.
- [CREDENTIALS_UNSAFE]: The skill requires the user to store DataForSEO API credentials ('DATAFORSEO_LOGIN' and 'DATAFORSEO_PASSWORD') in a local '.env' file. Users should ensure this file is included in '.gitignore' to prevent accidental exposure in version control systems.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: Data is ingested from the DataForSEO API and subsequently read from JSON files stored in the 'results/' directory.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the workflow for summarizing retrieved data.
  - Capability inventory: The skill possesses network access capabilities for API communication and file-writing capabilities for storing research results.
  - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from the external API before it is processed by the agent for markdown summary generation.