web-scraper
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell environments for data retrieval and processing, specifically using
curlandjqfor API interaction andpython3for parsing XML content (Phase 3). - [EXTERNAL_DOWNLOADS]: The agent is directed to download and analyze external web content from arbitrary URLs using tools like
WebFetchand browser automation (Phase 2). - [DATA_EXFILTRATION]: The core purpose of the skill is the extraction and export of structured data. It includes capabilities to harvest contact information (emails, phone numbers) but contains explicit instructions to warn users before scale-collecting sensitive data and to respect copyright and rate limits.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted content from the web.
- Ingestion points: Data enters the context via
WebFetch,read_page, andcurl(SKILL.md). - Boundary markers: The instructions use structured prompts and explicit output constraints like "Return ONLY the extracted data" to maintain focus on the extraction target (SKILL.md).
- Capability inventory: The skill has access to
javascript_tool,bash,python3, and interactive browser controls (SKILL.md). - Sanitization: Automated transformation rules are provided to clean extracted text, including HTML entity decoding and Unicode normalization (references/data-transforms.md).
Audit Metadata