clean-content-fetch
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions and command examples hardcode absolute file paths targeting a specific user directory (`/Users/zzd/`). This exposes the local system's directory structure and the username to the agent.
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script through the shell, passing user-supplied input (the target URL) directly as a command-line argument.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the agent to install several external Python packages (`scrapling`, `html2text`, `curl_cffi`, `playwright`, `browserforge`) and to download browser binaries using the Playwright CLI.
- [PROMPT_INJECTION]: The skill functions as a gateway for untrusted data by fetching content from arbitrary external URLs (Indirect Prompt Injection surface). Malicious instructions embedded in a fetched web page could potentially influence the agent's subsequent actions.
  - Ingestion points: External content enters the context via the `scrapling_fetch.py` script output.
  - Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore embedded commands within the fetched content.
  - Capability inventory: The agent has the ability to execute shell commands and perform network requests.
  - Sanitization: There is no evidence of sanitization or filtering of the fetched content to prevent instruction injection before it is returned to the agent.
Audit Metadata