scrape
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script with curl and jq to interact with the Bright Data API. It safely handles input URLs by passing them as arguments to jq, which prevents injection into the JSON payload.
- [PROMPT_INJECTION]: The skill processes untrusted web content, which presents a surface for indirect prompt injection. \n
- Ingestion points: External URLs provided to scripts/scrape.sh. \n
- Boundary markers: Scraped markdown is returned directly to the agent context without delimiters. \n
- Capability inventory: The skill's capabilities are limited to making proxied web requests to the Bright Data API. \n
- Sanitization: No sanitization or instruction-filtering is performed on the scraped content.
Audit Metadata