web-scraping-olostep
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for configuration and data retrieval.
- It executes
python3 -cto parse JSON data from a local file during environment variable setup. - It uses
curlfor all interactions with the Olostep API. - [DATA_EXFILTRATION]: The skill is designed to read sensitive credentials from the local file system.
- It accesses
~/.gooseworks/credentials.jsonto retrieve theapi_keyused for authenticated API requests. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of ingesting external web data.
- Ingestion points: Data enters the agent context through the
Create Scrape,Create Answer,Start Crawl, andRetrieve Contentcapabilities (SKILL.md). - Boundary markers: No delimiters or instructions are provided to the agent to treat scraped content as untrusted data.
- Capability inventory: The skill allows the agent to execute subprocesses via
curlandpython3(SKILL.md). - Sanitization: There is no evidence of filtering or sanitization of the web content before it is passed to the AI for answer generation.
- [EXTERNAL_DOWNLOADS]: The setup instructions direct the user to run
npx gooseworks login, which involves downloading and executing a package from the npm registry.
Audit Metadata