web-scraping-automation
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by facilitating the ingestion of data from external sources.
- Ingestion points: The functions
scrape_website,call_api, andscrape_dynamic_pageinSKILL.mdare designed to retrieve and process HTML and JSON data from arbitrary URLs. - Boundary markers: The instructions do not include boundary markers (like XML tags or specific delimiters) or warnings to the agent to disregard instructions found within the scraped content.
- Capability inventory: The skill is granted access to powerful tools including
Bash,Write, andEdit, which increases the potential impact if the agent follows malicious instructions embedded in a scraped webpage. - Sanitization: The provided code examples lack data sanitization or validation steps to ensure the retrieved content does not contain executable commands or prompt injection payloads.
Audit Metadata