scrape-ensure-project

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing raw user input without sanitization or boundary markers.
  • Ingestion points: The $ARGUMENTS variable in SKILL.md receives raw, unvalidated input from the user.
  • Boundary markers: Absent. The input is interpolated directly into instructions for the agent to split and use in shell commands without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill uses the Bash tool to execute uvx cookiecutter and uv sync (SKILL.md).
  • Sanitization: Absent. There is no logic to filter or escape the content of $ARGUMENTS before it influences the command construction.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform system-level operations for project scaffolding.
  • Evidence: uvx cookiecutter --no-input ${CLAUDE_SKILL_DIR}/assets/project-template ... and uv sync in SKILL.md.
  • Context: These commands are used to automate the setup of a Scrapy development environment, which is the primary purpose of the skill.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of Python packages and CLI utilities from official registries.
  • Evidence: uv sync installs several Scrapy-related dependencies, and uvx cookiecutter downloads the cookiecutter tool.
  • Context: The dependencies (e.g., scrapy, scrapy-zyte-api) are well-known libraries in the scraping ecosystem. Several are vendor-maintained resources from 'zytedata', consistent with the skill's authorship.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:34 PM
Security Audit — agent-trust-hub — scrape-ensure-project