frevana
Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation for the batch scraping feature includes a reference to https://url3.com, which has been flagged as malicious by automated reputation scanners.
- [DATA_EXFILTRATION]: The skill is designed to scrape "authenticated content" and "paywalled" pages by reusing the user's active Chrome login sessions. This capability allows the agent to access private user data, which could potentially be exfiltrated when processed by third-party AI providers or published to social media.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent's context through the mcp__frevana__frevana_scrapetool.
- Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore instructions embedded within the scraped web content.
- Capability inventory: The skill can publish content to Twitter/X, Facebook, and LinkedIn, and interact with multiple external AI platforms.
- Sanitization: There is no mention of sanitization or validation processes to filter malicious instructions from the scraped article content before it influences subsequent agent actions.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata