scrape-spec
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool for directory management, file copying, and executing local Python scripts such as
extract_links.pyandextract_values.pyvia theuvpackage runner. - [EXTERNAL_DOWNLOADS]: It orchestrates the retrieval of content from external web URLs using the
/scrape-explore-sitesubagent and handles authentication for Zyte, a well-known web scraping service, through the/scrape-zyte-loginskill. - [PROMPT_INJECTION]: The skill processes untrusted data from external sites, establishing an indirect prompt injection surface.
- Ingestion points: Site specifications in
{site_path}/spec.jsonand scraped HTML variants (raw.html,rendered.html) from external domains. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat scraped content as untrusted data.
- Capability inventory: The skill utilizes the
Bashtool for shell commands, theAgenttool for sub-tasks, and file system write access via theWritetool. - Sanitization: The instructions do not specify any validation, filtering, or escaping of the HTML or JSON data before it is analyzed by subagents.
Audit Metadata