Skills
skills/browser-act/skills/web-search-scraper-api-skill/Gen Agent Trust Hub

web-search-scraper-api-skill

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script scripts/web_search_scraper_api.py to interface with the BrowserAct API.
  • [DATA_EXFILTRATION]: The skill transmits the target URL and the user-provided API key to api.browseract.com. This is the intended behavior for utilizing the author's service.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted content from the internet, creating a potential surface for indirect prompt injection.
  • Ingestion points: The run_task function in scripts/web_search_scraper_api.py fetches raw data from external websites via the API.
  • Boundary markers: The script does not implement delimiters or specific warnings to the agent to ignore instructions embedded in the scraped content.
  • Capability inventory: The skill uses the requests library for network communication and sys for output; the host agent may possess broader system capabilities.
  • Sanitization: There is no evidence of content sanitization or instruction filtering applied to the retrieved webpage data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 03:44 PM