scrapling-official

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of browser binaries and dependencies through the scrapling install command and retrieves Docker images from vendor-controlled repositories (pyd4vinci/scrapling, ghcr.io/d4vinci/scrapling). These are legitimate vendor resources required for the skill's functionality.
  • [COMMAND_EXECUTION]: The skill exposes a CLI interface (scrapling extract) for executing scraping tasks and provides an MCP server (scrapling mcp) to expose scraping tools to the agent, enabling direct command-line interaction and script execution.
  • [DATA_EXFILTRATION]: The core functionality of the skill involves making network requests to external domains to fetch and extract content. While this is the intended purpose, it involves connecting to non-whitelisted domains.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it reads and processes untrusted data from the public web.
      • Ingestion points: Untrusted data enters the agent's context from arbitrary URLs via the scrapling extract command and various Python fetcher classes defined in SKILL.md and references/mcp-server.md.
      • Boundary markers: The skill does not provide or require boundary markers to separate scraped content from agent instructions, nor does it include warnings to ignore instructions found within the scraped data.
      • Capability inventory: The agent can perform file writes (e.g., result.items.to_json), execute complex Python code for spiders, and initiate further network requests based on the scraped content.
      • Sanitization: The skill converts HTML to formats like Markdown or text, which removes script tags but does not filter out malicious natural language instructions embedded in the webpage text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 06:33 AM