scrape-codegen

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Shell commands are constructed using user-provided arguments such as spec_path and project_dir. This includes running uv run pytest inside the project directory, which executes code from that environment. Lack of sanitization on these arguments could lead to command injection if the user-supplied paths contain shell metacharacters.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from an extraction spec, including spec.json, HTML variant files, and expected values. This data is used to steer the code generation process and is passed to analysis agents.
  • Ingestion points: Reads files from {spec_path}/spec.json, {spec_path}/pages/, and {spec_path}/values/.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when passing this data to sub-agents.
  • Capability inventory: The skill has Write access to the filesystem, Bash for command execution, and the ability to invoke other Agent and Skill tools.
  • Sanitization: No evidence of sanitization or validation of the content of the extraction spec before processing.
  • [DYNAMIC_EXECUTION]: The skill's primary purpose is generating Python code and then executing it using pytest. While this is the intended functionality, it involves the automated creation and execution of code based on external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 05:23 AM
Security Audit — agent-trust-hub — scrape-codegen