scrapling-skill
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the 'scrapling' Python package and downloading browser runtimes (Chromium/Chrome Headless Shell) via the 'scrapling install' command.
- [COMMAND_EXECUTION]: The diagnostic script 'scripts/diagnose_scrapling.py' executes the 'scrapling' CLI using 'subprocess.run' to perform health checks and smoke tests on user-provided URLs.
- [PROMPT_INJECTION]: The skill ingests data from external websites, which serves as a vector for indirect prompt injection. 1. Ingestion points: Web content extracted via 'scrapling' is saved locally and read by the agent or diagnostic script (e.g., 'scripts/diagnose_scrapling.py'). 2. Boundary markers: The skill instructions do not specify any delimiters or safety prompts to ignore instructions within scraped data. 3. Capability inventory: The skill has the capability to execute subprocesses and interact with the local filesystem. 4. Sanitization: No content sanitization is performed on the scraped HTML or Markdown before it is presented in the agent's context.
Audit Metadata