scrape-webpage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill is designed to fetch content and images from arbitrary URLs. While this is its core function, it presents a surface for SSRF (Server-Side Request Forgery) if the agent has access to internal network resources.
- [COMMAND_EXECUTION] (LOW): The instructions require the user to execute shell commands to install dependencies, specifically Playwright and Sharp (
npm install,npx playwright install chromium). - [Indirect Prompt Injection] (LOW): The skill processes untrusted data from external websites that is subsequently used by other skills in a pipeline. An attacker-controlled webpage could contain hidden instructions intended to hijack the agent's logic during downstream analysis.
- Ingestion points:
analyze-webpage.js(via Playwright fetching a remote URL). - Boundary markers: None detected; the scraped content is saved to JSON and HTML files without explicit delimiter-based safety warnings for the LLM.
- Capability inventory: File system write access (
fs.mkdirSync,fs.writeFile) and network access (Playwright browser). - Sanitization: The skill performs HTML cleaning (removing scripts/styles) and filename sanitization, but does not filter natural language content for adversarial instructions.
Audit Metadata