scraping-recon
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of external data. Ingestion points include Phase 1 and 2 where the agent fetches and analyzes content from robots.txt, sitemaps, and raw HTML source code. Boundary markers are absent as the instructions do not implement delimiters or guidance to ignore embedded instructions in retrieved content. Capability inventory includes network interactions via curl and browser tools. Sanitization is absent as no validation or filtering of web content is specified before the agent processes it.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute curl commands for network requests and data retrieval. While this is the core intended functionality for reconnaissance, it involves interacting with external targets based on input provided during the session.
Audit Metadata