scraper-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The skill implements a scraping workflow that ingests untrusted website data, creating a surface for indirect prompt injection where malicious instructions on a site could influence agent behavior. Mandatory Evidence Chain: 1. Ingestion points: accessibility tree snapshots in 'references/agent-browser-workflow.md'. 2. Boundary markers: Absent. 3. Capability inventory: Navigation, clicking, typing, and scrolling via 'agent-browser' CLI. 4. Sanitization: Absent for instructional content within scraped data.
- External Downloads (LOW): The skill references 'agent-browser' for installation from the trusted 'vercel-labs' organization. This finding is downgraded to LOW per the TRUST-SCOPE-RULE.
- Command Execution (LOW): Includes 'scripts/generate-page-object.ts', a Deno script that dynamically generates TypeScript source code from templates. While intended for scaffolding, any script generation involves low-level risk of creating executable content.
Audit Metadata