scrapling
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages external dependencies by installing the
scraplingPython package and its extras (fetchers, shell, ai) from PyPI. Additionally, it executesscrapling install, which typically downloads browser binaries (such as Playwright or Patchright) required for dynamic and stealthy scraping. - [COMMAND_EXECUTION]: The skill includes several shell scripts (
scripts/install.sh,scripts/run-extract.sh,scripts/run-mcp.sh) that perform environment setup and execute scraping tasks or MCP server operations via the system shell. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from the internet.
- Ingestion points: Untrusted data enters the agent's context through web scraping operations performed by the
Fetcher,DynamicFetcher, andStealthyFetcherclasses, or via thescrapling extractCLI command referenced inSKILL.mdandscripts/run-extract.sh. - Boundary markers: There are no explicit instructions or delimiters (e.g., XML tags or specific 'ignore' directives) provided to the agent to distinguish between its instructions and potentially malicious commands embedded in the scraped HTML or text content.
- Capability inventory: The agent has the capability to write the processed output to local files (e.g.,
article.mdorcontent.txt) as demonstrated in the CLI examples, and it can execute various subprocesses via the provided scripts. - Sanitization: While the skill suggests outputting data as Markdown or plain text to reduce model context overhead, it does not implement formal sanitization, escaping, or validation of the remote content before it is processed by the AI.
Audit Metadata