extract-webpage-data

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to read local configuration and interact with APIs.
  • Evidence: SKILL.md contains instructions for the agent to use python3 -c to extract API keys from a local JSON file and curl to send POST requests.
  • [DATA_EXFILTRATION]: The skill performs network operations to an external domain that is not included in the default whitelist.
  • Evidence: Requests are sent to api.gooseworks.ai using curl as specified in the usage examples in SKILL.md.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted web pages.
  • Ingestion points: Content from external URLs is retrieved via the Olostep, Scrapegraph, and Riveter APIs defined in SKILL.md.
  • Boundary markers: The skill does not implement delimiters or warnings to isolate the extracted content from the agent's instructions.
  • Capability inventory: The skill uses curl and python3 for its core logic but does not directly execute the content it retrieves.
  • Sanitization: No sanitization or filtering of the ingested web data is performed before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — extract-webpage-data