web-scraping-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references a wide range of external libraries including Scrapy, Selenium, Playwright, and Puppeteer. While these are standard for web scraping, they introduce external dependencies into the environment.
- [COMMAND_EXECUTION] (LOW): The skill utilizes 'Bash', 'Write', and 'Edit' tools to develop and execute scraping scripts. This is necessary for its primary purpose but allows for arbitrary code execution if not properly constrained.
- [DATA_EXFILTRATION] (LOW): By design, this skill uses network operations (requests, WebFetch) to send data to and from external endpoints, which is required for scraping and API interaction.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the web.
- Ingestion points: Uses 'WebFetch', 'WebSearch', and 'Selenium' to retrieve data from external URLs (SKILL.md).
- Boundary markers: No specific delimiters or instructions are provided to the agent to ignore instructions embedded in the scraped content.
- Capability inventory: The agent has access to 'Bash', 'Write', and 'Edit' tools, which could be exploited by malicious content found on a website (SKILL.md).
- Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent.
Audit Metadata