scrape
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions to install the 'scrapling' package via pip. 'scrapling' is a legitimate and recognized Python library used for web scraping and browser automation. The installation and setup commands described are standard for this tool.
- [PROMPT_INJECTION]: The skill fetches content from external websites, creating a surface for indirect prompt injection.
- Ingestion points: Untrusted web content is retrieved via tools like 'scrapling_get' and 'scrapling_fetch'.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified for the processed content.
- Capability inventory: The agent can write the scraped results to a local file and perform summarization.
- Sanitization: No explicit filtering or sanitization of the scraped HTML/text is mentioned. These factors present a standard risk associated with web scraping utilities.
- [SAFE]: No evidence of malicious behavior, obfuscation, or unauthorized data exfiltration was found. The skill's functionality aligns with its stated purpose of facilitating web scraping.
Audit Metadata