Skills
skills/nikiandr/goose-skills/blog-scraper/Gen Agent Trust Hub

blog-scraper

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve RSS feeds from user-specified URLs and communicates with Apify's API (api.apify.com) for scraping fallback.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources which could be used to deliver malicious instructions to the agent (Indirect Prompt Injection).
  • Ingestion points: Untrusted data enters the script in scripts/scrape_blogs.py through requests.get() calls to user-provided URLs.
  • Boundary markers: The scraped content is not wrapped in delimiters or safety instructions before being presented to the agent.
  • Capability inventory: The script uses the requests library for network operations but lacks more dangerous capabilities like file writing or command execution.
  • Sanitization: There is no sanitization of the content fetched from external feeds.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:17 PM