web-scraping-olostep

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands for configuration and data retrieval.
  • It executes python3 -c to parse JSON data from a local file during environment variable setup.
  • It uses curl for all interactions with the Olostep API.
  • [DATA_EXFILTRATION]: The skill is designed to read sensitive credentials from the local file system.
  • It accesses ~/.gooseworks/credentials.json to retrieve the api_key used for authenticated API requests.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of ingesting external web data.
  • Ingestion points: Data enters the agent context through the Create Scrape, Create Answer, Start Crawl, and Retrieve Content capabilities (SKILL.md).
  • Boundary markers: No delimiters or instructions are provided to the agent to treat scraped content as untrusted data.
  • Capability inventory: The skill allows the agent to execute subprocesses via curl and python3 (SKILL.md).
  • Sanitization: There is no evidence of filtering or sanitization of the web content before it is passed to the AI for answer generation.
  • [EXTERNAL_DOWNLOADS]: The setup instructions direct the user to run npx gooseworks login, which involves downloading and executing a package from the npm registry.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-scraping-olostep