web-scraping-automation
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through external data ingestion.
- Ingestion points: Data enters the agent context via WebFetch, WebSearch, and various scraping libraries (requests, selenium, etc.) from arbitrary external URLs in SKILL.md.
- Boundary markers: The skill lacks instructions or delimiters to isolate fetched content or prevent the agent from following instructions embedded within the scraped data.
- Capability inventory: Across SKILL.md, the agent is granted powerful capabilities including Bash, Write, and Edit, which could be exploited if malicious instructions are processed.
- Sanitization: There is no logic provided to sanitize, filter, or validate the content retrieved from external sources before the agent acts upon it.
- [EXTERNAL_DOWNLOADS]: The skill's core functionality involves downloading content from external, untrusted network locations using tools like WebFetch and standard HTTP libraries.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute scraping scripts and automate tasks, which represents a potential risk if combined with untrusted inputs fetched during the scraping process.
Audit Metadata