Skills
skills/hypersocialinc/shots/shots-scrape/Gen Agent Trust Hub

shots-scrape

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from external App Store pages, which creates a surface for indirect prompt injection where malicious content in an app description could attempt to influence the agent's behavior.
  • Ingestion points: External App Store URLs (metadata and app descriptions) as defined in the skill's description.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the SKILL.md.
  • Capability inventory: The skill uses tools like node, npm, open, and curl (SKILL.md).
  • Sanitization: There is no evidence of input validation or content sanitization for the scraped data.
  • [COMMAND_EXECUTION]: The skill uses tools including node, npm, and curl to perform its scraping and data processing operations.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes curl to fetch content from the App Store and npm for managing dependencies.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 25, 2026, 07:32 PM