scrape
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the
Bashtool to manage the development environment and execute scraping tasks. It runs theuvpackage manager, the Scrapy framework, andpytestfor validating the generated extraction logic. - [EXTERNAL_DOWNLOADS]: Fetches data from user-provided target URLs to facilitate site analysis. It also references official documentation from trusted sources like Scrapy and Zyte.
- [REMOTE_CODE_EXECUTION]: Dynamically generates Python code for page objects and spiders based on the analysis of external web content. This generated code is subsequently executed locally using
uv runto perform data extraction and testing. - [PROMPT_INJECTION]: Exhibits an indirect prompt injection surface (Category 8) by processing untrusted external HTML to derive extraction schemas and generate code.
- Ingestion points: External web content is downloaded and stored in the
.scrape/directory for analysis by sub-skills. - Boundary markers: There are no explicit instructions or delimiters defined in the orchestrator to prevent the AI from following malicious instructions potentially embedded in the scraped HTML.
- Capability inventory: The skill has broad capabilities, including writing files to the local system and executing shell commands/Python code.
- Sanitization: The skill lacks explicit sanitization or filtering of external data before using it as a template or input for code generation.
Audit Metadata