simplescraper

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted data scraped from external websites through Simplescraper.
    • Ingestion points: Untrusted content enters the agent's context through the output of the membrane action run and membrane request commands described in SKILL.md.
    • Boundary markers: The instructions do not specify delimiters or provide warnings to the agent to treat the ingested data as untrusted or to ignore instructions within it.
    • Capability inventory: The skill allows for the execution of shell commands via the membrane CLI and the installation of Node.js packages via npm.
    • Sanitization: There is no mention of sanitizing or validating the data extracted from the web before it is processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill involves the installation of the @membranehq/cli package from the npm registry, which is an expected resource provided by the author.
  • [COMMAND_EXECUTION]: The skill uses various shell commands through the membrane CLI to facilitate authentication, connection management, and the execution of Simplescraper actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 08:12 PM