cli-web-scrape
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requires executing local shell commands to install the 'scrapling' utility and its browser engines. It also provides a shell command ('scrapling shell -c') that allows for arbitrary Python code execution within the tool's environment.
- [EXTERNAL_DOWNLOADS]: The skill instructions facilitate the download of the 'scrapling' library from PyPI and the subsequent fetching of browser binaries (Playwright and Camoufox) from remote sources during the setup phase.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection. Ingestion points: Output files generated by 'scrapling extract' (e.g., /tmp/scrapling-out.md) which are subsequently read by the agent. Boundary markers: None identified in the documentation or instructions. Capability inventory: The tool can perform network requests, write files, and execute Python code. Sanitization: No sanitization of the scraped web content is mentioned before it is processed by the agent, allowing malicious content to potentially influence agent behavior.
- [CREDENTIALS_UNSAFE]: The skill documentation demonstrates how to pass sensitive information such as Authorization headers and session cookies via command-line flags. This practice can lead to credential exposure in process lists, command history, or logs if used with real sensitive data.
Audit Metadata