crawl-websites-at-scale
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing various CLI commands to manage Scrapy projects and run web crawlers.
- [COMMAND_EXECUTION]: The installation guide includes a command using sudo (sudo apt-get install -y python3-pip), which grants administrative privileges for system-level package management.
- [EXTERNAL_DOWNLOADS]: Recommends installing the scrapy framework from external registries via pip.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from untrusted web content.
  1. Ingestion points: Processes HTML and XML data from arbitrary URLs via the parse method.
  2. Boundary markers: No delimiters or explicit safety instructions are defined to separate scraped content from agent instructions.
  3. Capability inventory: Executes shell commands (scrapy crawl) and writes output to local files.
  4. Sanitization: No validation or filtering is implemented to prevent scraped data from being interpreted as instructions.
Recommendations
- AI detected serious security threats
Audit Metadata