product-hunt-scraper
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs a Python script (
scripts/scrape_producthunt.py) to manage the scraping process and filter results. - [EXTERNAL_DOWNLOADS]: The script performs network requests to
app.gooseworks.ai(a vendor-associated domain) to retrieve product data through an Apify actor. - [PROMPT_INJECTION]: The skill processes untrusted content (product names, taglines, and descriptions) from Product Hunt. This creates an indirect prompt injection surface where malicious instructions embedded in a product listing could attempt to influence the agent's logic.
- Ingestion points: External product data is fetched via the Apify API and ingested into the agent context through the
productslist inscripts/scrape_producthunt.py. - Boundary markers: No specific delimiters or instructions are used to isolate external content from the agent's primary instructions.
- Capability inventory: The agent can execute local scripts and perform network operations using the requests library.
- Sanitization: No content sanitization or filtering of executable instructions is performed on the scraped data before it is presented to the agent.
Audit Metadata