seo-dataforseo
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's cost-management functionality relies on a local Python script (
scripts/dataforseo_costs.py) that is not included in the skill package. This results in the agent attempting to execute unverified code from the host filesystem, whose behavior cannot be audited. - [EXTERNAL_DOWNLOADS]: The skill directs the user to install a third-party extension by running a shell script from a relative path outside the skill's scope (
./extensions/dataforseo/install.sh). Executing external scripts from unverified local paths is a security risk as the script's contents and provenance are unknown. - [COMMAND_EXECUTION]: The skill constructs shell commands using placeholders (e.g.,
python scripts/dataforseo_costs.py check <endpoint>) that may be populated with strings derived from external API responses or search results. This creates a potential command injection vulnerability if the agent interpolates unsanitized data into the command line. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and parsing untrusted data from external sources.
- Ingestion points: Data is ingested via
on_page_content_parsing(web page content) andai_optimization_chat_gpt_scraper(third-party LLM responses). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
- Capability inventory: The skill possesses shell execution capabilities through the cost-logging Python script and installation instructions.
- Sanitization: There is no evidence of sanitization or filtering applied to external content before it is processed by the agent or used in command construction.
Audit Metadata