web-scraper
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8). The skill fetches content from external, untrusted URLs and integrates the processed markdown into the agent's context. This allows an attacker-controlled website to potentially influence the agent's behavior by embedding instructions in the scraped text.
  - Ingestion points: `scripts/fetch_url.py` (via `requests` or `urllib`)
  - Boundary markers: Absent. Scraped content is converted to markdown and returned directly to the agent without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The script can fetch content from any network-accessible URL and return it as text.
  - Sanitization: Absent. While the HTML parser removes tags, it preserves all text data, which may include malicious prompt instructions.
- [DATA_EXFILTRATION]: Network Operations and SSRF Risk. The script performs network requests to arbitrary domains. This creates a risk of Server-Side Request Forgery (SSRF), where the agent could be manipulated into probing or accessing internal network resources, local services, or cloud provider metadata endpoints (e.g., 169.254.169.254).
- [DATA_EXFILTRATION]: Insecure SSL Configuration. The `fetch_with_urllib` function in `scripts/fetch_url.py` explicitly disables SSL hostname checking and certificate verification using `ssl.CERT_NONE`. This security bypass makes the connection vulnerable to Man-in-the-Middle (MitM) attacks, allowing an attacker to intercept or modify the content being scraped.
Audit Metadata