scrape-codegen
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run various commands, including a fixture conversion script and project tests using
uv run. User-provided arguments are interpolated into these shell commands, which presents a risk of command injection if arguments are not properly handled by the agent. - [PROMPT_INJECTION]: The skill processes untrusted HTML and JSON data from an extraction spec. This content is passed to analysis sub-agents, creating an indirect prompt injection surface where malicious instructions embedded in the target data could influence the agent's behavior.
- Ingestion points: Reads
spec.json, HTML snapshots, and value files from thespec_pathdirectory. - Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used when passing data to analysis agents.
- Capability inventory: The skill can execute shell commands, read/write files, and launch sub-agents.
- Sanitization: No content validation or sanitization is performed on the ingested HTML or JSON files.
- [REMOTE_CODE_EXECUTION]: The skill executes
pytestwithin the project directory. Sincepytestautomatically discovers and runs Python code, this step could execute arbitrary malicious code if it exists within the project or is introduced via the generation process.
Audit Metadata