skills/ysm-dev/skills/web-scraper/Gen Agent Trust Hub

web-scraper

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to generate a Python script ('scraper.py') and execute it using the 'python' command. The script's content is dynamically constructed using parameters and headers extracted from external network traffic ('capture.har'), which could allow an attacker to inject malicious code if they control the target website's headers or API responses.
  • [CREDENTIALS_UNSAFE]: The process involves capturing sensitive session data, including cookies and authorization headers, into a HAR file ('capture.har') and subsequently hardcoding these credentials into the generated 'scraper.py' script. Storing these secrets in plain text in a temporary directory ('/tmp/web-scraper-...') exposes them to local threats.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted data from external URLs via 'agent-browser' and analyzing the resulting HAR file. Ingestion points: 'capture.har' (SKILL.md) and API responses. Boundary markers: Absent. Capability inventory: file-write ('scraper.py'), shell execution ('python'), tool access ('agent-browser'). Sanitization: Absent.
  • [DATA_EXFILTRATION]: The skill enables reading sensitive local files (the HAR capture containing credentials) and performing network operations (via the generated script and 'agent-browser'). This combination can be leveraged to exfiltrate session credentials to an external server if the agent is influenced by malicious instructions in the scraped data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 10:34 AM