web-scraping-automation

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external, untrusted websites using tools like WebFetch and libraries like requests, BeautifulSoup, and Selenium. This creates a surface for indirect prompt injection where malicious content on a scraped page could influence the agent's behavior.
    • Ingestion points: WebFetch, requests.get (SKILL.md)
    • Boundary markers: Absent; no instructions are provided to the agent to ignore or delimit embedded commands in scraped content.
    • Capability inventory: Bash, Write, Edit (SKILL.md)
    • Sanitization: Absent; the provided examples do not demonstrate validation or filtering of scraped data before processing.
  • [COMMAND_EXECUTION]: The skill allows the use of the Bash tool and describes the creation of automation scripts. These capabilities, while intended for legitimate scraping tasks, could be misused if the agent is manipulated by instructions found in external data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 06:13 AM