web-scraping

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions require reading local credentials and sending them to an external server.
  • Evidence: The skill reads sensitive data from ~/.gooseworks/credentials.json to extract an API key.
  • Evidence: The extracted key is subsequently transmitted to api.gooseworks.ai via the Authorization header in multiple curl commands.
  • [COMMAND_EXECUTION]: The skill uses dynamic scripting and shell commands to manage configuration and communicate with APIs.
  • Evidence: It executes python3 -c with a dynamically generated string to parse JSON files from the file system.
  • Evidence: It relies on curl for all primary scraping and automation functions.
  • [EXTERNAL_DOWNLOADS]: The skill references external execution patterns.
  • Evidence: It directs the user to run npx gooseworks login, which downloads and executes remote code from an unverified source to establish credentials.
  • [PROMPT_INJECTION]: The skill presents a significant surface for indirect prompt injection attacks.
  • Ingestion points: The skill fetches data from any user-provided or agent-discovered URL using tools like Scrapegraph, Olostep, and Riveter.
  • Boundary markers: No delimiters or 'ignore' instructions are used to separate scraped content from the agent's core instructions.
  • Capability inventory: The skill possesses high-privilege capabilities including full browser automation, captcha solving, and autonomous multi-step agent tasks.
  • Sanitization: There is no evidence of validation or sanitization of scraped content before it is processed by the LLM, allowing external website content to potentially override agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:18 AM
Security Audit — agent-trust-hub — web-scraping