scrape-ensure-project
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute shell commands for project initialization, directory navigation, and environment synchronization. Specifically, it runsuvx cookiecutterusing a local template anduv syncwithin the project directory. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) through the
$ARGUMENTSinput string. It instructs the agent to parse this raw user input into variables (project_dir,project_name) which are then interpolated directly into shell commands. There are no instructions provided to validate, sanitize, or escape these inputs, creating a potential command injection vector if a user provides input containing shell metacharacters (e.g.,;,&&,|). - Ingestion points:
$ARGUMENTS(raw user input string processed inSKILL.md). - Boundary markers: None present in the prompt template.
- Capability inventory: The skill has access to the
Bashtool and performs file system operations (Write,Read). - Sanitization: No sanitization, validation, or escaping logic is defined for the input variables.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download and installation of several Python packages from standard registries during the
uv syncprocess. These includescrapy,scrapy-poet,scrapy-zyte-api,web-poet,itemadapter,extruct,price-parser,jmespath, andpytest. All identified packages are standard, well-known libraries within the web scraping ecosystem and are appropriate for the skill's stated purpose.
Audit Metadata