scrape-add-page-object

Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses uv run to execute a Python script (add_page_object.py) with arguments derived from the agent's input string. This pattern is standard for the skill's purpose but involves shell command construction.
  • [REMOTE_CODE_EXECUTION]: The script scripts/add_page_object.py uses importlib.import_module() to dynamically load classes based on the ITEM_CLASS argument. This is performed within the user's project environment (via sys.path.insert(0, '.')). If an attacker can control the project files or the arguments passed to the skill, they could potentially trigger the execution of arbitrary code by tricking the script into importing a malicious module.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically fetches and installs the libcst package at runtime using the uv run --with libcst flag. While libcst is a well-known library, runtime package installation from remote registries introduces a dependency on external services.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied arguments ($ARGUMENTS) to determine file paths, class names, and domains.
  • Ingestion points: Raw argument string $ARGUMENTS in SKILL.md flowing into add_page_object.py.
  • Boundary markers: None. Input is parsed directly by argparse.
  • Capability inventory: file_path.write_text (file write), import_module (code execution), and uv run (subprocess execution).
  • Sanitization: Limited. _fields validates identifiers, and _import_path performs basic string splitting.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 10:17 AM
Security Audit — agent-trust-hub — scrape-add-page-object