Skills
skills/athina-ai/goose-skills/conference-speaker-scraper/Gen Agent Trust Hub

conference-speaker-scraper

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates as a command-line interface tool implemented in Python (scripts/scrape_speakers.py). It is designed to be executed with arguments for URLs and configuration modes.
  • [EXTERNAL_DOWNLOADS]: The skill requires the third-party Python library requests to be installed from the standard Python Package Index (PyPI). This is a well-known and standard package for making HTTP requests.
  • [DATA_EXFILTRATION]: When the optional --mode apify is used, the script transmits a user-provided APIFY_API_TOKEN (via command-line argument or environment variable) to api.apify.com. This is the intended behavior for interacting with the Apify API.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external content (speaker bios, names, and titles) from arbitrary websites provided via the --url argument.
  • Ingestion points: Data is fetched from external URLs in scripts/scrape_speakers.py.
  • Boundary markers: The output does not include explicit boundary markers or warnings for downstream LLM processing.
  • Capability inventory: The skill uses the requests library for network access and the standard csv and json modules for output generation.
  • Sanitization: The script performs basic HTML tag removal using regular expressions, but it does not sanitize or filter the resulting text for malicious instructions that might target a downstream LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 23, 2026, 01:06 PM