scrapling
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to fetch and process content from arbitrary external URLs, creating a significant attack surface for indirect prompt injection.
- Ingestion points: External web content is ingested via `scrapling_fetch.py` and the `scrapling` CLI.
- Boundary markers: None. The skill does not implement delimiters or provide instructions to the agent to ignore potentially malicious commands embedded in the scraped data.
- Capability inventory: The fetched content is returned directly to the agent's context, where it could influence subsequent logic or tool usage.
- Sanitization: The scripts extract text or HTML but do not perform sanitization to strip potential injection patterns or malicious scripts.
- [DATA_EXFILTRATION]: In `scripts/scrapling_fetch.py`, the `fetch_http` function uses `verify=False` when calling `Fetcher.get`. This explicitly disables SSL/TLS certificate verification, making the connection vulnerable to Man-in-the-Middle (MitM) attacks where an attacker could intercept or modify the scraped data.
- [EXTERNAL_DOWNLOADS]: The `scripts/scrapling_install.sh` script performs a system-wide installation of the `scrapling` package and its dependencies using `uv pip install --system "scrapling[all]"`. Additionally, it executes `scrapling install`, which downloads external browser binaries (Chromium) and system dependencies.
- [COMMAND_EXECUTION]: The skill relies on executing shell scripts and Python wrappers that interface with the system environment to manage browser automation and network requests.
Audit Metadata