web-scraping-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest untrusted data from external websites (via WebFetch) and has the capability to execute commands (via Bash) or modify files (via Write/Edit). This creates a risk where malicious instructions embedded in a scraped website could influence the agent's behavior.
  - Ingestion points: Uses the WebFetch tool to retrieve content from arbitrary URLs and the Read tool for local files.
  - Boundary markers: There are no instructions or delimiters defined to help the agent distinguish between its own system instructions and the content retrieved from external websites.
  - Capability inventory: The skill allows access to Bash for command execution, and Write/Edit for file system access, which are high-impact capabilities if subverted.
  - Sanitization: The skill lacks guidance or logic for sanitizing or escaping the data fetched from the web before it is processed or used in subsequent steps.
- Command Execution (LOW): The skill allows the use of the Bash tool and provides templates for generating Python and JavaScript scripts. While intended for scraping, this enables the execution of arbitrary code on the host system.
- External Downloads (SAFE): The skill mentions several third-party libraries (requests, selenium, puppeteer) as part of a recommended technical stack. However, it does not attempt to automatically download or execute scripts from unverified remote sources during its own initialization.
Audit Metadata