just-scrape
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a client for the AI Skills service. The provided Python script (scripts/run.py) manages API communication securely using environment variables for credentials.
- [COMMAND_EXECUTION]: The skill includes a utility script scripts/run.py intended for local execution to interface with the https://ai-skills.ai API. It does not perform any unauthorized system commands.
- [EXTERNAL_DOWNLOADS]: Network operations are restricted to the vendor's official domain, https://ai-skills.ai, for the purpose of executing the skill's primary functionality.
- [PROMPT_INJECTION]: The skill processes untrusted web content, creating an indirect prompt injection surface.
- Ingestion points: External data enters through materialUrl, materialText, and materialFile parameters in scripts/run.py and references/form-schema.json.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill files.
- Capability inventory: The script scripts/run.py performs network requests to an external API.
- Sanitization: No input validation or escaping of external content is observed in the local execution script.
Audit Metadata