scrape-ensure-project

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands for project initialization, directory navigation, and environment synchronization. Specifically, it runs uvx cookiecutter using a local template and uv sync within the project directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) through the $ARGUMENTS input string. It instructs the agent to parse this raw user input into variables (project_dir, project_name) which are then interpolated directly into shell commands. There are no instructions provided to validate, sanitize, or escape these inputs, creating a potential command injection vector if a user provides input containing shell metacharacters (e.g., ;, &&, |).
  • Ingestion points: $ARGUMENTS (raw user input string processed in SKILL.md).
  • Boundary markers: None present in the prompt template.
  • Capability inventory: The skill has access to the Bash tool and performs file system operations (Write, Read).
  • Sanitization: No sanitization, validation, or escaping logic is defined for the input variables.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download and installation of several Python packages from standard registries during the uv sync process. These include scrapy, scrapy-poet, scrapy-zyte-api, web-poet, itemadapter, extruct, price-parser, jmespath, and pytest. All identified packages are standard, well-known libraries within the web scraping ecosystem and are appropriate for the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 05:23 AM
Security Audit — agent-trust-hub — scrape-ensure-project