web-crawler
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches data and API specifications from external services including ScrapeCreators (api.scrapecreators.com), SerpApi (serpapi.com), and Firecrawl (api.firecrawl.dev). These downloads are necessary for its primary function of web and social media scraping.- [COMMAND_EXECUTION]: Utilizes system-level tools like
curland programming language network modules (Python'score.http_clientand JavaScript'sfetch) to communicate with the scraping APIs as described in the routing tables.- [PROMPT_INJECTION]: As the skill is designed to ingest and process content from social media and the general web, it is susceptible to indirect prompt injection from untrusted external data. - Ingestion points: Content retrieved from various social media platforms (TikTok, Instagram, YouTube, etc.) and web pages via ScrapeCreators, SerpApi, and Firecrawl (SKILL.md).
- Boundary markers: The skill instructions do not specify the use of delimiters or specific instructions to the agent to ignore embedded commands in the scraped content.
- Capability inventory: The skill possesses network communication capabilities and the ability to process and summarize external data (SKILL.md).
- Sanitization: No explicit sanitization or validation of the retrieved content is described in the provided documentation.
Audit Metadata