scrape-explore-site
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill is designed to fetch and process HTML content from arbitrary external URLs. An attacker could craft a website with malicious text or metadata (e.g., within anchor tags or hidden HTML comments) to manipulate the agent's logic when it classifies links or selects pages for further exploration.
- Ingestion points: External HTML content is downloaded via
scripts/download.pyand processed byscripts/extract_links.py. - Boundary markers: Absent. The skill lacks explicit instructions or technical delimiters to tell the agent to ignore potentially malicious instructions embedded within the processed website data.
- Capability inventory: The skill has access to
Bash,Read, andWritetools. It executes several local Python scripts that perform network requests and write structured data to the local filesystem. - Sanitization: While the extraction scripts use structured parsing (e.g.,
parsel), the resulting text and link data are presented directly to the agent without sanitization or filtering to prevent instruction injection.
Audit Metadata