documentation-scraper
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill contains direct instructions to override safety guidelines. It explicitly requires the agent to use the 'dangerouslyDisableSandbox: true' flag for all operations, which bypasses essential security boundaries that protect the host system from the agent's actions. Evidence: SKILL.md instructions regarding sandbox disabling.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the user to install 'slurp-ai' from a public registry. This package is not from a trusted source, creating a risk of supply chain attack where the agent might execute malicious code on the host. Evidence: 'npm install -g slurp-ai' in SKILL.md.
- COMMAND_EXECUTION (MEDIUM): The skill involves executing arbitrary binary commands ('slurp') and scripts ('analyze-sitemap.js') on the local host with the sandbox disabled.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill fetches external documentation which is then provided to the AI as context. 1. Ingestion points: 'slurp' and 'analyze-sitemap.js' fetch untrusted web data. 2. Boundary markers: Absent. 3. Capability inventory: Network access, file system writes, and subprocess calls. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata