scraping-documentation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external documentation sites.
- Ingestion points: Untrusted data enters the agent context via the fetch_url function described in Step 1 and Step 2 of the workflow in SKILL.md.
- Boundary markers: No boundary markers or delimiters are specified to help the agent distinguish between its instructions and the data being scraped.
- Capability inventory: The skill's described logic includes network requests (fetch_url) and filesystem writes (write_file).
- Sanitization: The workflow converts HTML to Markdown and performs basic cleanup, but lacks specific sanitization to neutralize embedded prompt instructions.
- [NO_CODE]: This skill consists of documentation and pseudocode only; it does not include any executable scripts or binary files.
Audit Metadata