metascraper
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted HTML data to extract metadata like titles and descriptions, creating an indirect prompt injection surface where malicious web content could influence agent behavior.
- Ingestion points: The 'html' and 'url' properties in the metascraper function call in SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are documented to isolate external content from agent instructions.
- Capability inventory: The skill is a metadata parser; it does not contain code for command execution, file system access, or network operations beyond the implied data fetch.
- Sanitization: The rule bundles normalize data for consistency but do not provide sanitization against instruction injection in the extracted metadata fields.
Audit Metadata