scrapedo-web-scraper
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The script sends the user's API token to http://api.scrape.do via plain HTTP. This transmits credentials in cleartext, making them vulnerable to interception on the network. Using https:// is the required security standard for API communication.
- [CREDENTIALS_UNSAFE] (MEDIUM): The script retrieves credentials from local files like .env and config/token.txt. While used for configuration, this pattern involves access to sensitive file paths which requires careful management to prevent exposure.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). (1) Ingestion points: scripts/scrape.py reads content from arbitrary URLs provided by the user. (2) Boundary markers: Absent. Scraped content is returned to the agent without delimiters or instructions to ignore embedded commands. (3) Capability inventory: The script performs scraping and text extraction; it does not execute code from the input, but the downstream agent might. (4) Sanitization: The extract_text_from_html function removes code tags (script, style) but preserves all natural language text, which may contain malicious instructions.
Audit Metadata