wise-scraper

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The hook registry in references/runner/src/hooks.ts uses dynamic import() to load and execute JavaScript modules from paths provided as command-line arguments. Additionally, the engine allows arbitrary JavaScript execution within the browser context via the agent-browser eval command.
  • [COMMAND_EXECUTION]: The reference runner and example scripts (such as browser.ts and run.mjs) use child_process.execSync and Python's subprocess.run to interact with the agent-browser CLI tool for browser driving.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @anthropic-ai/agent-browser package, which is a tool from a trusted organization. It also includes several standard dependencies from the NPM registry such as cheerio, convict, and turndown.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests data from external websites.
      • Ingestion points: Web content scraped from arbitrary URLs via the agent-browser runner (referenced in engine.ts and run.mjs).
      • Boundary markers: The skill uses a structured JSONL format for intermediate data and explicitly separates the extraction process from post-processing assembly.
      • Capability inventory: The runner can execute shell commands via execSync and load dynamic modules via the hook system.
      • Sanitization: The runner implements JavaScript-context escaping for browser evaluation but lacks robust sanitization where user-supplied selector strings are interpolated into shell commands.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 24, 2026, 01:57 PM