scrapling
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a high surface area for indirect prompt injection because it is designed to fetch and process arbitrary web content for an AI agent.\n
- Ingestion points: Web content is retrieved through multiple tools like
get,fetch, andstealthy_fetchas documented inreferences/mcp.mdandscripts/scrape_list.py.\n - Boundary markers: The skill does not implement explicit delimiters or system-level instructions to ignore potential commands within the scraped text.\n
- Capability inventory: The agent has access to networking (via fetchers), file system operations (via script output), and environment commands.\n
- Sanitization: While the library provides text cleaning and structural conversion (Markdown/HTML), it does not sanitize the content against prompt-based attacks.\n- [EXTERNAL_DOWNLOADS]: Setup involves the
scrapling installcommand which downloads browser binaries (Chromium and Camoufox) required for operation.\n- [COMMAND_EXECUTION]: The skill uses terminal commands for installation, dependency management, and executing scraping scripts.
Audit Metadata