scrapling

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). These links include an unknown GitHub repo (D4Vinci/Scrapling) referenced for installation plus instructions to run local install scripts that download browsers/dependencies, recommend disabling SSL verification, and advertise Cloudflare/anti‑bot bypassing — combining an unvetted code source with binary downloads and installation commands is a strong supply‑chain/execution risk and could be used to distribute malware.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and scrapes arbitrary public URLs (see SKILL.md Quick Start and the scripts/scrapling_fetch.py which call Fetcher.get/DynamicFetcher.fetch/StealthyFetcher.fetch) and its Spider examples parse page content and follow links, so untrusted third‑party web content is read and can drive subsequent requests and actions.