sales-semrush

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public third-party data via Semrush tools and APIs (see SKILL.md examples and references/semrush-api-reference.md and references/platform-guide.md: Keyword Magic Tool, Site Audit, Domain Overview, Backlinks/Organic Positions, AI Visibility) about arbitrary domains/URLs and to interpret those results to drive actions (prioritizing fixes, automations, API-driven workflows), which exposes the agent to untrusted external content that could carry indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 06:37 PM
Issues
1
Security Audit — snyk — sales-semrush