scrape-codegen
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Shell commands are constructed using user-provided arguments such as
spec_pathandproject_dir. This includes runninguv run pytestinside the project directory, which executes code from that environment. Lack of sanitization on these arguments could lead to command injection if the user-supplied paths contain shell metacharacters. - [PROMPT_INJECTION]: The skill ingests untrusted data from an extraction spec, including
spec.json, HTML variant files, and expected values. This data is used to steer the code generation process and is passed to analysis agents. - Ingestion points: Reads files from
{spec_path}/spec.json,{spec_path}/pages/, and{spec_path}/values/. - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when passing this data to sub-agents.
- Capability inventory: The skill has
Writeaccess to the filesystem,Bashfor command execution, and the ability to invoke otherAgentandSkilltools. - Sanitization: No evidence of sanitization or validation of the content of the extraction spec before processing.
- [DYNAMIC_EXECUTION]: The skill's primary purpose is generating Python code and then executing it using
pytest. While this is the intended functionality, it involves the automated creation and execution of code based on external inputs.
Audit Metadata