scrapling
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate documentation and code snippets for web scraping tasks using the scrapling library. All external references target legitimate documentation or repositories.
- [COMMAND_EXECUTION]: The skill uses standard CLI commands for library installation (pip install) and execution (scrapling extract), which are appropriate for its stated purpose.
- [EXTERNAL_DOWNLOADS]: Installation instructions involve downloading the scrapling package from the official Python Package Index (PyPI). The scrapling install command is a standard procedure for downloading browser binaries required for dynamic content fetching.
- [DATA_EXFILTRATION]: The skill performs network requests to fetch content from user-specified URLs. There is no evidence of unauthorized exfiltration of sensitive local data or credentials.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external web content.
- Ingestion points: Web content fetched via scrapling CLI or Python classes (Fetcher, DynamicFetcher, StealthyFetcher).
- Boundary markers: Absent.
- Capability inventory: Network operations (GET, POST, etc.) and file system writes (writing scraped content to files).
- Sanitization: Absent. As the skill is a utility for data extraction, this risk is inherent to its primary purpose and is managed by standard agent guardrails.
Audit Metadata