Skills
skills/scrapecreators/agent-skills/scrapecreators-api/Gen Agent Trust Hub

scrapecreators-api

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides examples of using curl to interact with the API. These are standard implementation examples for developers and do not involve unsanitized user input or privilege escalation.
  • [DATA_EXFILTRATION]: The skill performs network requests to api.scrapecreators.com and docs.scrapecreators.com. These are legitimate vendor domains required for the skill's core functionality of data scraping and fetching documentation.
  • [CREDENTIALS_UNSAFE]: The skill correctly instructs the use of an environment variable (SCRAPECREATORS_API_KEY) for API authentication, avoiding hardcoded secrets.
  • [PROMPT_INJECTION]: The skill processes data from external social media platforms, which constitutes an indirect prompt injection surface.
  • Ingestion points: Untrusted content from 27+ social media platforms (posts, comments, profiles) is ingested into the agent context via API calls.
  • Boundary markers: None explicitly defined in the instructions to separate API data from system prompts.
  • Capability inventory: The skill is permitted to use Bash, Read, Write, and WebFetch tools.
  • Sanitization: No specific sanitization or validation of external content is described before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 12:27 PM