The Agent Skills Directory

[COMMAND_EXECUTION]: The skill implements a workflow where it reads Python templates from the templates/ directory, injects user-provided variables (such as URLs and CSS selectors), and executes the resulting code using the Python interpreter. This dynamic execution of generated scripts presents a surface for command injection if the input parameters are not rigorously validated.
[CREDENTIALS_UNSAFE]: The skill's instructions in SKILL.md and the template in references/cookie-vault.md encourage the agent to store sensitive session cookies in plain-text Markdown files. Specifically, the agent is directed to automatically save cookies discovered during scraping tasks into the skill's local files, which may lead to the storage of sensitive authentication tokens in an unencrypted format within the skill directory.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting data from untrusted external URLs. The SKILL.md file specifically directs the agent to "persist experience" by updating references/site-patterns.md with new findings. Without boundary markers or sanitization of the scraped content, malicious instructions embedded in a target website could potentially poison the skill's reference library and influence the agent's future behavior.
[EXTERNAL_DOWNLOADS]: To function, the skill requires the installation of the scrapling package from PyPI and the subsequent download of browser binaries (Playwright and Camoufox) via the scrapling install command. While these are legitimate dependencies for the skill's stated purpose, they involve the retrieval and execution of external binary content at runtime.

scrapling