web-scraping
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is designed to fetch and parse content from arbitrary external URLs, which is a primary vector for indirect prompt injection.
  - Ingestion points: HTML content, text, and metadata fetched from user-provided or agent-discovered URLs.
  - Boundary markers: None specified in the instructions to help the agent distinguish between data and instructions.
  - Capability inventory: Fetching HTML content and outputting structured JSON/CSV data.
  - Sanitization: No sanitization or filtering of the scraped content is mentioned.
- [Data Exfiltration] (LOW): The skill permits network requests to any URL.
  - Evidence: The 'Fetch HTML content from URLs' capability allows the agent to make outbound network requests. Without a domain whitelist, this could be used to access internal network services (SSRF) if the agent's environment is not properly isolated.