blog-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
requestsPython library to perform network operations. This is a standard dependency for fetching web content. - [COMMAND_EXECUTION]: The skill executes a Python script (
scripts/scrape_blogs.py) to discover feeds, parse XML content, and interact with the Apify API. This behavior is consistent with the skill's primary function. - [DATA_EXPOSURE]: The script interacts with the Apify API (
api.apify.com) to perform scraping tasks. It properly handles the Apify API token by allowing it to be passed as a command-line argument or retrieved from theAPIFY_API_TOKENenvironment variable, which is a standard practice for managing credentials. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests untrusted data from external RSS feeds and blog URLs provided by the user.
- Ingestion points: External XML feeds and HTML content are fetched via
requests.getinscripts/scrape_blogs.py. - Boundary markers: The skill does not use specific delimiters or instructions to warn the agent about potentially malicious content embedded in the scraped blog posts.
- Capability inventory: The skill can perform network operations via
requestsand output data to stdout, which may be processed by subsequent agent steps. - Sanitization: The skill performs basic XML parsing and client-side filtering but does not explicitly sanitize the text content for instructions directed at the LLM.
- Note: This represents an inherent risk for any web-scraping tool rather than a specific malicious implementation.
Audit Metadata