udemy-crawler
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from external Udemy course pages, which is a common surface for indirect prompt injection attacks.
  - Ingestion points: Scraped text from Udemy course URLs (title, description, curriculum) entered via the `evaluate.js` script.
  - Boundary markers: Absent. The extracted content is returned directly to the agent without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill itself only extracts text; it does not contain file-write or network-send capabilities, though it relies on the presence of a Chrome DevTools skill.
  - Sanitization: Minimal sanitization is performed via `.trim()` and `.replace()`, though a 3000-character limit is applied to the description field.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references a local prerequisite skill and a standard `npm install` command within a local directory. It does not download or execute scripts from untrusted remote URLs.
- [Dynamic Execution] (SAFE): JavaScript code is passed to the browser to extract data. This code is hardcoded for scraping logic and does not dynamically generate executable strings from untrusted external inputs.
Audit Metadata