web-scraping

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and python3 to fetch and parse web pages. One utility script automates pagination by calling curl via Python's subprocess module using safe argument lists to prevent shell-based injection.
  • [EXTERNAL_DOWNLOADS]: Fetches content from external URLs to local storage for processing. The script uses standard curl flags and preserves remote filenames when requested.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection as it fetches untrusted web content. Evidence Chain:
      1. Ingestion points: Remote HTML fetched via curl and stored in page.html.
      2. Boundary markers: Absent.
      3. Capability inventory: Network requests (curl) and local file writes.
      4. Sanitization: Absent; content is parsed for structure but not filtered for embedded instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:15 AM