scrapeninja
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes content from external URLs which could contain malicious instructions.
  - Ingestion points: Data is fetched from URLs specified in the request JSON (SKILL.md).
  - Boundary markers: None. The scraped body content is returned to the agent without explicit delimiters or safety instructions.
  - Capability inventory: The skill uses curl for network requests and jq for data processing.
  - Sanitization: There is no evidence of sanitization or filtering of the scraped content before it enters the agent's context.
- [COMMAND_EXECUTION]: The skill uses curl and jq to interact with the ScrapeNinja API. These are standard tools used according to their documentation for API requests and JSON manipulation.
- [DATA_EXFILTRATION]: API credentials are managed using environment variables and passed via HTTP headers to the official ScrapeNinja API on well-known platforms (RapidAPI/APIRoad). No unauthorized data transfer was observed.
Audit Metadata