scrapling

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scrapling_install.sh script installs external code by running uv pip install for the scrapling package and executing scrapling install to download browser binaries.
  • [COMMAND_EXECUTION]: The skill executes network requests to external URLs provided during runtime.
  • [COMMAND_EXECUTION]: The script scripts/scrapling_fetch.py explicitly disables SSL certificate verification (verify=False) in its fetch_http function, which exposes connections to potential man-in-the-middle attacks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and returns content from arbitrary web pages to the agent.
      • Ingestion points: scripts/scrapling_fetch.py and the Scrapling CLI tools fetch content from external URLs.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are used when processing fetched content.
      • Capability inventory: The skill allows network access and browser-based automation via Playwright and Patchright.
      • Sanitization: No sanitization, filtering, or validation of the fetched HTML or text content is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 12:30 PM