extract-webpage-data
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to read local configuration and interact with APIs.
- Evidence:
SKILL.mdcontains instructions for the agent to usepython3 -cto extract API keys from a local JSON file andcurlto send POST requests. - [DATA_EXFILTRATION]: The skill performs network operations to an external domain that is not included in the default whitelist.
- Evidence: Requests are sent to
api.gooseworks.aiusingcurlas specified in the usage examples inSKILL.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted web pages.
- Ingestion points: Content from external URLs is retrieved via the Olostep, Scrapegraph, and Riveter APIs defined in
SKILL.md. - Boundary markers: The skill does not implement delimiters or warnings to isolate the extracted content from the agent's instructions.
- Capability inventory: The skill uses
curlandpython3for its core logic but does not directly execute the content it retrieves. - Sanitization: No sanitization or filtering of the ingested web data is performed before it is returned to the agent context.
Audit Metadata