scrapingbot
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package from the official NPM registry, which is a trusted tool from the skill's author.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to perform authentication and manage connections to ScrapingBot. These are standard operations for the service.
- [REMOTE_CODE_EXECUTION]: The skill executes actions on the remote Membrane platform via the CLI. This is the core functionality of the tool and is managed by the service provider.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes scraped data.
  1. Ingestion points: Data returned from ScrapingBot API calls (SKILL.md).
  2. Boundary markers: Absent; no specific instructions are provided to separate scraped content from agent instructions.
  3. Capability inventory: The agent can execute `membrane action run`, which can interact with other connected services.
  4. Sanitization: No explicit sanitization or filtering is described for the incoming web data.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by directing the agent to use Membrane's connection system instead of requesting raw API tokens from the user.
Audit Metadata