clone-website

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: Susceptibility to Indirect Prompt Injection. The skill uses Chrome MCP to extract text, HTML structure, and metadata from arbitrary user-provided URLs. This content is used to generate specifications and prompts for builder sub-agents. Maliciously crafted content on the target website could influence the behavior of the agent or its sub-agents.
    • Ingestion points: Extraction of textContent and DOM data from external websites via Chrome MCP.
    • Boundary markers: Absent. No delimiters or warnings are used to isolate untrusted web content in prompts.
    • Capability inventory: Shell command execution (npm/npx), file system writes, and dispatching parallel builder agents.
    • Sanitization: Absent. The skill extracts and uses content verbatim from target sites.
  • [COMMAND_EXECUTION]: Executes local build and type-checking commands including npm run build and npx tsc --noEmit. These operations occur within a project environment where the code and configuration are dynamically generated from untrusted web data.
  • [EXTERNAL_DOWNLOADS]: Automates the retrieval of binary assets (images, videos, fonts) from arbitrary remote URLs using a generated Node.js script (scripts/download-assets.mjs). This involves network requests to untrusted third-party domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 04:07 PM