scrape-ensure-project
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing raw user input without sanitization or boundary markers.
- Ingestion points: The
$ARGUMENTSvariable inSKILL.mdreceives raw, unvalidated input from the user. - Boundary markers: Absent. The input is interpolated directly into instructions for the agent to split and use in shell commands without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill uses the
Bashtool to executeuvx cookiecutteranduv sync(SKILL.md). - Sanitization: Absent. There is no logic to filter or escape the content of
$ARGUMENTSbefore it influences the command construction. - [COMMAND_EXECUTION]: The skill uses the
Bashtool to perform system-level operations for project scaffolding. - Evidence:
uvx cookiecutter --no-input ${CLAUDE_SKILL_DIR}/assets/project-template ...anduv syncinSKILL.md. - Context: These commands are used to automate the setup of a Scrapy development environment, which is the primary purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download of Python packages and CLI utilities from official registries.
- Evidence:
uv syncinstalls several Scrapy-related dependencies, anduvx cookiecutterdownloads the cookiecutter tool. - Context: The dependencies (e.g.,
scrapy,scrapy-zyte-api) are well-known libraries in the scraping ecosystem. Several are vendor-maintained resources from 'zytedata', consistent with the skill's authorship.
Audit Metadata