structured-scraping-riveter
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill setup instructions involve reading sensitive API keys directly from a local configuration file at
~/.gooseworks/credentials.json. - [COMMAND_EXECUTION]: The skill documentation includes inline Python commands (
python3 -c) to programmatically parse JSON files and export environment variables during the setup phase. - [PROMPT_INJECTION]: The skill performs web scraping of external URLs, which creates a surface for indirect prompt injection attacks where malicious instructions on a webpage could influence agent behavior.
- Ingestion points: The
ScrapeandRuntools ingest text and data from arbitrary, user-provided URLs (e.g.,SKILL.md). - Boundary markers: The skill does not implement delimiters or explicit instructions to ignore embedded commands within the scraped content.
- Capability inventory: The skill returns extracted text to the agent's context. While the skill itself does not specify dangerous write operations, the agent processing this data may have such tools available.
- Sanitization: There is no evidence of sanitization or filtering of the external content before it is interpolated into the agent's context.
- Remediation: It is recommended to wrap external content in clear delimiters (e.g., XML tags or triple backticks) and provide the agent with explicit instructions to ignore any commands found within those boundaries.
Audit Metadata