scrapling
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill represents a significant surface for indirect prompt injection because its core function is to fetch and process data from untrusted external websites.
- Ingestion points: The skill uses Scrapling's fetchers (
Fetcher,DynamicFetcher,StealthyFetcher) to retrieve content from any URL provided to the agent. - Boundary markers: There are no programmed boundary markers or explicit instruction-filtering mechanisms in the provided Python scripts (
scrapling_scrape.pyandscrapling_smoke_test.py) to prevent the agent from interpreting instructions embedded in scraped HTML or JSON data. - Capability inventory: The skill possesses network access and file-system write capabilities (demonstrated in
spider-recipes.md), which could be targeted by instructions found in scraped content. - Sanitization: The scripts extract content via selectors but do not perform sanitization or escaping of the raw data before passing it back to the agent context.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install external dependencies required for its operation.
- Evidence: Documentation in
SKILL.mdandmcp-setup.mddirects the user to install thescraplingandplaywrightpackages from standard registries (PyPI). - Context: These downloads target well-known open-source libraries and are consistent with the skill's stated purpose of providing web scraping capabilities.
Audit Metadata