nebula-scrape-url
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local script
scripts/scrape-page.jsvia thenodecommand to process user-supplied URLs. While necessary for the skill's purpose, it constitutes local command execution. - [PROMPT_INJECTION] (LOW): The skill has a surface for Indirect Prompt Injection (Category 8) by ingesting untrusted content from external websites. Evidence: 1. Ingestion points: External web content (HTML) from user-provided URLs. 2. Boundary markers: None provided to distinguish between script instructions and scraped content. 3. Capability inventory: Execution of local scripts and writing to the file system. 4. Sanitization: No sanitization of the scraped HTML is mentioned before it is processed by the agent.
Audit Metadata