using-scrapy
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's setup documentation includes commands using 'sudo apt-get', which requires the agent to execute instructions with elevated administrative privileges.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'scrapy' Python library from public package registries. Scrapy is a well-known and standard tool for web crawling.
- [EXTERNAL_DOWNLOADS]: The skill's code snippets reference the author's repository at 'github.com/besoeasy/open-skills' within its default User-Agent configuration.
- [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection because it extracts and processes untrusted data from external websites.
- Ingestion points: The scraping logic in 'SKILL.md' (e.g., 'QuotesSpider', 'ArticleSpider') pulls content directly from external HTML/XML responses.
- Boundary markers: The skill does not implement delimiters or 'ignore' instructions to prevent the agent from following malicious commands embedded in the scraped content.
- Capability inventory: The agent has the capability to crawl arbitrary URLs and write the resulting data to local storage (e.g., 'output.json').
- Sanitization: No sanitization is applied to the scraped web content before it is stored or further processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata