scrape-add-page-object
Warn
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
uv runto execute a Python script (add_page_object.py) with arguments derived from the agent's input string. This pattern is standard for the skill's purpose but involves shell command construction. - [REMOTE_CODE_EXECUTION]: The script
scripts/add_page_object.pyusesimportlib.import_module()to dynamically load classes based on theITEM_CLASSargument. This is performed within the user's project environment (viasys.path.insert(0, '.')). If an attacker can control the project files or the arguments passed to the skill, they could potentially trigger the execution of arbitrary code by tricking the script into importing a malicious module. - [REMOTE_CODE_EXECUTION]: The skill dynamically fetches and installs the
libcstpackage at runtime using theuv run --with libcstflag. Whilelibcstis a well-known library, runtime package installation from remote registries introduces a dependency on external services. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied arguments (
$ARGUMENTS) to determine file paths, class names, and domains. - Ingestion points: Raw argument string
$ARGUMENTSinSKILL.mdflowing intoadd_page_object.py. - Boundary markers: None. Input is parsed directly by
argparse. - Capability inventory:
file_path.write_text(file write),import_module(code execution), anduv run(subprocess execution). - Sanitization: Limited.
_fieldsvalidates identifiers, and_import_pathperforms basic string splitting.
Audit Metadata