scrapling
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill is built entirely around executing the `scrapling` CLI tool, which interacts with the local filesystem to save scraped content and the network to fetch data.
- [EXTERNAL_DOWNLOADS]: The `scrapling install` command downloads and installs external binaries, including browsers and system-level dependencies for fingerprint manipulation, from remote sources.
- [REMOTE_CODE_EXECUTION]: The `scrapling shell` and `scrapling shell -c "code"` commands allow for the execution of arbitrary Python-like code within the tool's environment. Additionally, the `uncurl` and `curl2fetcher` functions dynamically convert and execute strings as functional logic.
- [DATA_EXFILTRATION]: The tool supports various HTTP methods (POST, PUT) and allows custom headers and cookies. This could be used to exfiltrate data to an external server if the agent is directed to send sensitive information via these parameters.
- [PROMPT_INJECTION]: This skill is highly susceptible to indirect prompt injection (Category 8).
- Ingestion points: Data is ingested from arbitrary URLs via the `get`, `fetch`, and `stealthy-fetch` commands.
- Boundary markers: There are no mentioned boundary markers or instructions to the agent to ignore instructions embedded in the scraped content.
- Capability inventory: The skill has the ability to write files to the disk and perform various network operations (POST/PUT/DELETE) and execute commands via its shell.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external websites before it is saved or processed.
Audit Metadata