Scraping
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute a curl command to a local service (http://localhost:8888/notify) to provide status updates via voice notification when workflows are started.
- [COMMAND_EXECUTION]: The skill uses curl with customized headers and the bun runtime to execute scraping scripts and process data locally.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known services including Apify (api.apify.com) and Bright Data (api.brightdata.com) to perform scraping and crawling tasks.
- [PROMPT_INJECTION]: The skill processes untrusted web content (Category 8), creating a potential surface for indirect prompt injection.
- Ingestion points: Untrusted data is ingested through various scraping functions across the Apify/actors/ directory, such as scrapeInstagramProfile and scrapeWebsite.
- Boundary markers: No explicit markers are defined in the code to isolate scraped content from the agent's instructions.
- Capability inventory: The agent has access to bash for executing shell commands and network requests.
- Sanitization: The ApifyDataset class includes a clean parameter to remove HTML tags and special characters during data extraction.
Audit Metadata