Skills
skills/dangaiden/something-skill/scrape-status/Gen Agent Trust Hub

scrape-status

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-provided input ($ARGUMENTS) directly into shell command strings (Python) and SQL queries. This creates a potential for command injection or SQL injection if the input is not strictly validated to a date format.
  • [COMMAND_EXECUTION]: The skill uses Python to open files at paths constructed from user input (e.g., JSON_data/{file}), which could be exploited for path traversal.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external scraping pipelines (eBay, CM) stored in local JSON files. This is an indirect prompt injection surface.
  • [PROMPT_INJECTION]: Mandatory Evidence Chain: 1. Ingestion points: JSON_data/ files. 2. Boundary markers: Absent. 3. Capability inventory: Bash (python, sqlite3, curl), Read, Grep, Glob. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 01:57 PM