Skills
skills/openweb-ninja/openwebninja-skills/openwebninja_universal_scraper/Gen Agent Trust Hub

openwebninja_universal_scraper

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded RapidAPI key was discovered in the configuration for the Amazon data API. This exposes credentials to any user of the skill and violates secure secret management practices.
  • Evidence: 'x-rapidapi-key': '4e842e5834msh0fff10888eda799p121fefjsn8712ea690aee' found in 'apis/realtime-amazon-data/config.json'.
  • [DATA_EXFILTRATION]: The skill includes a robust suite of utility functions designed to transmit retrieved data to external third-party services.
  • The 'lib/utils.js' file contains dedicated logic for pushing data to arbitrary Webhook URLs, AWS S3 buckets, FTP servers, Airtable, and Google Sheets.
  • While these are functional features, they provide a pre-built mechanism for automated data exfiltration if the agent is compromised or misled.
  • [PROMPT_INJECTION]: The skill possesses a high vulnerability surface for indirect prompt injection due to its core architecture.
  • Ingestion points: The skill ingests raw, untrusted data from dozens of public sources including Reddit, Quora, and Google Search results (referenced in 'SKILL.md').
  • Boundary markers: No delimiters or protective instructions are used when interpolating this untrusted data into the agent's context.
  • Capability inventory: The agent is granted powerful local capabilities including 'Bash' for shell execution and 'Write/Edit' for file modification.
  • Sanitization: There is no evidence of content sanitization or instruction filtering before the data is processed by the AI.
  • [COMMAND_EXECUTION]: The skill is designed to execute local Node.js scraper scripts via the shell to perform its primary tasks.
  • Instructions in 'SKILL.md' direct the agent to use the 'Bash' tool to run commands such as 'node --env-file=.env apis/{api_id}/scrape.js'.
  • [EXTERNAL_DOWNLOADS]: The skill performs numerous network operations to fetch data from various external API domains.
  • Primary connections include 'api.openwebninja.com' and 'rapidapi.com' (documented in 'meta.json' files).
  • The skill also supports connections to generic webhooks, AWS S3, and Slack endpoints for data delivery.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 07:51 PM