skills/zytedata/skills/scrape-codegen/Gen Agent Trust Hub

scrape-codegen

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run various commands, including a fixture conversion script and project tests using uv run. User-provided arguments are interpolated into these shell commands, which presents a risk of command injection if arguments are not properly handled by the agent.
  • [PROMPT_INJECTION]: The skill processes untrusted HTML and JSON data from an extraction spec. This content is passed to analysis sub-agents, creating an indirect prompt injection surface where malicious instructions embedded in the target data could influence the agent's behavior.
  • Ingestion points: Reads spec.json, HTML snapshots, and value files from the spec_path directory.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when passing data to analysis agents.
  • Capability inventory: The skill can execute shell commands, read/write files, and launch sub-agents.
  • Sanitization: No content validation or sanitization is performed on the ingested HTML or JSON files.
  • [REMOTE_CODE_EXECUTION]: The skill executes pytest within the project directory. Since pytest automatically discovers and runs Python code, this step could execute arbitrary malicious code if it exists within the project or is introduced via the generation process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:33 PM
Security Audit — agent-trust-hub — scrape-codegen