blog-scraper
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external blog RSS feeds.\n
- Ingestion points: External RSS/Atom feeds and Apify dataset items fetched via the requests library in
scripts/scrape_blogs.py.\n - Boundary markers: Absent. The script does not wrap external content in delimiters or include instructions for the agent to ignore embedded commands within the scraped text.\n
- Capability inventory: The script itself lacks dangerous native capabilities (e.g.,
subprocessoreval), but it provides potentially malicious scraped text to the agent which may have such tools available.\n - Sanitization: No sanitization is performed on the scraped content beyond basic whitespace trimming and XML parsing.\n- [DATA_EXFILTRATION]: The skill performs network operations to external domains and well-known services to fetch blog data.\n
- Evidence: Uses the requests library to query user-provided URLs and the Apify API (
api.apify.com) inscripts/scrape_blogs.py.\n - Context: These operations are essential for the skill's primary function of scraping blog content. Apify is a well-known service.
Audit Metadata