web-scraper

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill is vulnerable to Server-Side Request Forgery (SSRF). The scripts/fetch_url.py script (lines 125, 147) fetches content from arbitrary URLs provided as input without validation. This could allow an attacker to probe or access internal network services (e.g., metadata endpoints, internal APIs) if the execution environment is not network-isolated. Additionally, the script's fallback fetcher explicitly disables SSL verification (ssl.CERT_NONE), making it susceptible to Man-in-the-Middle (MitM) attacks.
  • [PROMPT_INJECTION] (LOW): The skill exposes an Indirect Prompt Injection surface by ingesting untrusted external web data and converting it to markdown for the agent's consumption.
      1. Ingestion points: scripts/fetch_url.py (lines 125, 147).
      2. Boundary markers: Absent.
      3. Capability inventory: Network read access and local script execution.
      4. Sanitization: Minimal; the script removes script and style tags but keeps all text content which may contain adversarial instructions.
  • [COMMAND_EXECUTION] (LOW): The skill relies on executing local Python scripts (scripts/fetch_url.py) with user-supplied arguments. While this is the intended functionality, it serves as the vector for the identified network security risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:30 PM