scrape-create-spider

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from user arguments and the surrounding prompt context without sanitization.
  • Ingestion points: Untrusted data enters the agent context through the $ARGUMENTS string (specifically project_dir) and variables provided in the surrounding prompt text (specifically start_urls).
  • Boundary markers: The skill does not use delimiters or explicit instructions to the agent to ignore embedded commands within the interpolated data.
  • Capability inventory: The skill utilizes the Write tool to create Python scripts and the Bash tool to execute shell commands (uv run).
  • Sanitization: There is no evidence of input validation or shell-escaping for variables like project_dir or start_urls before they are used in script generation or shell execution.
  • [COMMAND_EXECUTION]: The skill executes shell commands using unvalidated user input, which could lead to command injection.
  • Evidence: The instruction 'cd {project_dir} && uv run scrapy crawl {spider_name}' uses values provided by the user. An attacker could provide a project_dir containing shell metacharacters (e.g., '; rm -rf /') to execute arbitrary commands.
  • Script Generation: The skill uses the Write tool to generate a Python file based on a template populated with user-influenced strings, which is then executed via the shell. While the template is fixed, the direct interpolation of unvalidated input into a script that is subsequently run is a risk factor.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 05:23 AM
Security Audit — agent-trust-hub — scrape-create-spider