ahrefs
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from npm, which is the official tool for the Membrane platform. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands via the
membraneCLI for logging in, connecting to services, and running data-retrieval actions. - [PROMPT_INJECTION]: The skill ingests untrusted data from external websites via the Ahrefs API, creating a surface for indirect prompt injection attacks.
- Ingestion points: Data such as page titles, anchor text, and URL paths are retrieved through actions like
get-backlinks,get-pages, andget-anchors(SKILL.md). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the retrieved SEO data as untrusted content.
- Capability inventory: The agent can perform network requests and execute command-line operations using the
membranetool (SKILL.md). - Sanitization: No sanitization or content filtering is implemented for the external data before it is processed by the agent.
Audit Metadata