anti-scraping

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill patterns utilize child_process.execSync to run Node.js scripts with external input. In the provided examples, variables such as ${url} and ${outputFile} are interpolated directly into shell command strings. This practice is highly susceptible to command injection if the inputs contain shell metacharacters.
  • [PROMPT_INJECTION]: The skill creates a vulnerability surface for indirect prompt injection by ingesting untrusted data from external websites.
    • Ingestion points: Data is fetched from arbitrary URLs and saved to /tmp/output.html as defined in the 'Basic Usage Pattern'.
    • Boundary markers: The instructions do not define boundary markers or clear separations to distinguish external content from agent instructions.
    • Capability inventory: The skill uses execSync for script execution and file system access for reading/writing HTML results.
    • Sanitization: There is no mention of sanitization, validation, or escaping of the scraped HTML content before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 05:39 PM