Skills
skills/mofa-org/mofa/web_scraping/Gen Agent Trust Hub

web_scraping

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Vulnerability surface for command injection identified in the tool interface definition.
  • Ingestion points: The {url} variable in SKILL.md is passed directly to the shell command bash fetch.sh {url}.
  • Boundary markers: There are no shell-escaping mechanisms or delimiters provided to prevent command injection.
  • Capability inventory: The skill documentation references a bash script for fetching web content, which typically involves network access and command execution.
  • Sanitization: No sanitization or validation logic for the {url} or {input} parameters is present in the provided files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 06:53 AM