crawl4ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed plaintext credentials (e.g., proxy_config username/password, JS login username/password, and cookie usage), which would require the LLM to include secret values verbatim in generated code or commands, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts and examples (e.g., scripts/basic_crawler.py using crawler.arun(url), scripts/batch_crawler.py using crawler.arun_many(urls), and extraction_pipeline.py which ingests result.markdown / result.extracted_content) crawl and ingest arbitrary public websites supplied by users, so the agent will read untrusted third-party content that could contain indirect prompt injection.