web-scraping

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. As a web scraping tool, this skill is designed to ingest and process untrusted data from external websites (Phase 1 reconnaissance and Phase 4 implementation). This creates an attack surface for indirect prompt injection, where an adversary could embed instructions in a website's HTML or API response to influence the agent.
      • Ingestion points: proxy_list_traffic(), interceptor_chrome_devtools_snapshot() (SKILL.md), and standard scraping via Playwright/Cheerio.
      • Boundary markers: No specific boundary markers or explicit 'ignore instructions' delimiters for ingested data are defined in the provided templates.
      • Capability inventory: The skill facilitates system command execution via Apify CLI and browser interactions via humanizer tools (SKILL.md).
      • Sanitization: Explicit sanitization of external content is not implemented in the provided examples.
  • [COMMAND_EXECUTION]: Development and CLI Tooling. The skill provides instructions for installing and using the Apify CLI to manage actors (apify create, apify run, apify push). These are standard operational commands for the intended platform. The apify/initialization.md file mentions the use of sudo for troubleshooting global npm installations, which is a common but privileged operation documented for administrative context.
  • [EXTERNAL_DOWNLOADS]: Verified Dependency Management. The skill facilitates the download of well-known, reputable packages from the official npm registry, including apify, crawlee, and got-scraping. These dependencies are provided by established technology organizations and are documented neutrally. Automated scans flagged https://target-site.com/api/v2/products as malicious; however, manual analysis confirms this URL is used exclusively as a generic documentation placeholder in examples (found in README.md, SKILL.md, and strategies/api-discovery.md).
  • [SAFE]: No Malicious Patterns Detected. A thorough review of all 54 files, including templates and scripts, reveals no evidence of obfuscation, hardcoded credentials, data exfiltration, or persistence mechanisms.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 18, 2026, 06:16 PM