skills/zytedata/skills/scrape-spec/Gen Agent Trust Hub

scrape-spec

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool for directory management, file copying, and executing local Python scripts such as extract_links.py and extract_values.py via the uv package runner.
  • [EXTERNAL_DOWNLOADS]: It orchestrates the retrieval of content from external web URLs using the /scrape-explore-site subagent and handles authentication for Zyte, a well-known web scraping service, through the /scrape-zyte-login skill.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sites, establishing an indirect prompt injection surface.
  • Ingestion points: Site specifications in {site_path}/spec.json and scraped HTML variants (raw.html, rendered.html) from external domains.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat scraped content as untrusted data.
  • Capability inventory: The skill utilizes the Bash tool for shell commands, the Agent tool for sub-tasks, and file system write access via the Write tool.
  • Sanitization: The instructions do not specify any validation, filtering, or escaping of the HTML or JSON data before it is analyzed by subagents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 04:54 PM
Security Audit — agent-trust-hub — scrape-spec