scrapy-web-scraping

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No attempts to override system instructions, bypass safety filters, or extract system prompts were detected. The instructions are purely focused on the stated purpose of web scraping education.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive environment variables, or unauthorized access to local file paths (such as SSH keys or AWS configs) were found. No suspicious network operations to external domains were identified.
  • [Obfuscation] (SAFE): The content is clear and readable. No use of Base64, zero-width characters, homoglyphs, or other obfuscation techniques intended to hide malicious intent was found.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill lists standard, reputable Python packages in the Scrapy ecosystem (e.g., scrapy, scrapy-playwright). It does not contain commands to download or execute untrusted remote scripts (e.g., curl | bash).
  • [Privilege Escalation & Persistence] (SAFE): No commands requiring elevated privileges (sudo) or attempts to establish persistence (crontabs, shell profile modifications) were detected.
  • [Indirect Prompt Injection] (SAFE): While the skill provides guidance for building tools that ingest untrusted web data (an inherent surface for indirect injection), it specifically recommends best practices for data validation, cleaning, and structured extraction (ItemLoaders/Pipelines), which mitigate these risks in the resulting implementations.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:59 PM