web-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches content from external web URLs using the
requestsandplaywrightlibraries. This is standard behavior for a scraping tool and is used to retrieve data from user-specified or well-known sites.\n- [PROMPT_INJECTION]: The skill processes untrusted web content, which presents a surface for indirect prompt injection where instructions hidden in HTML could influence the agent.\n - Ingestion points: Data enters the system from arbitrary URLs fetched by the functions in
SKILL.md.\n - Boundary markers: None identified. External content is processed and passed to the agent without isolation markers or instructions to ignore embedded commands.\n
- Capability inventory: The skill possesses capabilities for network access, local file system writing, and external database interaction via the Supabase client.\n
- Sanitization: While the
transform_productsfunction performs data normalization and validation, it does not include specific mitigations for prompt injection attacks.
Audit Metadata