blog-scraper
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches and processes content from external blog URLs and RSS feeds, which are untrusted sources. This creates an indirect prompt injection surface where a malicious blog post could contain instructions designed to influence the AI agent's behavior.
- Ingestion points: The `scripts/scrape_blogs.py` script performs HTTP GET requests to retrieve content from arbitrary URLs provided via the `--urls` argument.
- Boundary markers: The skill does not employ boundary markers or "ignore instructions" warnings when presenting the scraped blog content (titles, descriptions, etc.) to the agent.
- Capability inventory: The script is limited to network operations and console output; it does not have the ability to execute shell commands, write files, or access sensitive local directories, which significantly limits the potential impact of an injection.
- Sanitization: While the script parses XML and JSON structures, it does not sanitize or filter the text content for potential malicious instructions before returning it to the agent.
Audit Metadata