spider-cli-extraction
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill executes the Spider CLI via `cargo run` within a bash script, which allows the agent to trigger shell-level processes and pass various arguments. Evidence found in `scripts/spider_cli_helper.sh`.
- EXTERNAL_DOWNLOADS (MEDIUM): The use of `cargo run` necessitates downloading and compiling Rust dependencies from crates.io. These are external packages not included in the trusted source list. Evidence found in `SKILL.md` and `scripts/spider_cli_helper.sh`.
- PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by ingesting data from untrusted web URLs.
  1. Ingestion points: `crawl`, `scrape`, and `download` commands in `scripts/spider_cli_helper.sh`.
  2. Boundary markers: Absent; there are no instructions provided to the agent to treat scraped data as untrusted.
  3. Capability inventory: The skill can access the network, write files to disk via the `download` command, and execute shell commands through the CLI wrapper.
  4. Sanitization: Absent; the script does not sanitize or validate content before it is processed by the agent.
Audit Metadata