oxylabs-web-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches content from external, untrusted websites, which creates a surface for indirect prompt injection attacks where malicious instructions hidden in web pages could influence the agent's behavior.
  * Ingestion points: Untrusted data enters the agent context through the 'content' field in the API response as shown in SKILL.md and examples.md.
  * Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore embedded commands within the scraped content.
  * Capability inventory: The skill is designed to perform network requests to the Oxylabs API and process the returned data.
  * Sanitization: No sanitization or filtering of the retrieved HTML or parsed JSON content is described in the documentation.
- [Data Exposure] (SAFE): Authentication is properly managed via environment variables (OXY_WSA_USERNAME and OXY_WSA_PASSWORD), ensuring no sensitive credentials are hardcoded within the skill files.