gologin-scraping-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's configuration in `agents/openai.yaml` contains instructions that direct the AI agent to prioritize using GoLogin tools over competing services like Firecrawl, which is a form of competitive steering that influences the agent's default tool selection logic.
- [EXTERNAL_DOWNLOADS]: The skill documentation describes the installation of the `gologin-webunlocker-sdk` Node.js package and its corresponding CLI tool. These are recognized as official vendor resources from the author, GologinLabs.
- [DATA_EXFILTRATION]: The skill transmits target URLs to the Gologin Web Unlocker API (gologin.com) and requires the configuration of a `GOLOGIN_WEBUNLOCKER_API_KEY`. This behavior is consistent with the skill's primary purpose of providing web scraping via a specialized proxy service.
- [PROMPT_INJECTION]: The skill's core functionality involves scraping content from arbitrary URLs (HTML, Markdown, and Text). This creates an attack surface for indirect prompt injection, where malicious instructions embedded in a target webpage could attempt to influence the agent's behavior during processing.
  - Ingestion points: Tools `webunlocker_scrape`, `webunlocker_text`, `webunlocker_markdown`, and `webunlocker_json` (`manifest.json`).
  - Boundary markers: None identified in the provided tool descriptions or operation patterns.
  - Capability inventory: No dangerous local operations such as arbitrary command execution or file system writes are present in the skill code.
  - Sanitization: No explicit sanitization or filtering of the scraped content is documented before it is returned to the agent context.
Audit Metadata