Skills
skills/besoeasy/open-skills/using-web-scraping/Gen Agent Trust Hub

using-web-scraping

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it scrapes content from arbitrary websites and feeds it into the agent's context. An attacker could place instructions on a webpage to hijack the agent's logic when the page is scraped.
  • Ingestion points: The ddgSearchAndScrape function in SKILL.md extracts title, description, and innerText from external URLs.
  • Boundary markers: The agent prompt lacks clear delimiters or instructions to treat the scraped content as untrusted data rather than instructions.
  • Capability inventory: The skill can perform network requests and execute browser automation via Playwright.
  • Sanitization: No sanitization or filtering of the scraped text is performed before returning it to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill instructions include the installation of the playwright library and its browser binaries.
  • Details: Fetches standard automation tools from well-known package registries (npm/PyPI).
  • [COMMAND_EXECUTION]: The skill uses Playwright to execute browser automation commands.
  • Details: Launches a headless Chromium browser to navigate the web and interact with page elements as shown in the Node.js implementation example.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:36 AM