crawl4ai
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructions and scripts (SKILL.md, basic_crawler.py) require the installation of the crawl4ai library via pip. While this package is not on the specific trusted organization list, it is the standard and necessary dependency for the skill's stated purpose.
- PROMPT_INJECTION (LOW): The skill is designed to crawl and process content from external URLs, creating an indirect prompt injection surface where malicious instructions in web pages could potentially influence the agent.
  - Ingestion points: AsyncWebCrawler.arun in scripts/basic_crawler.py and arun_many in scripts/batch_crawler.py.
  - Boundary markers: None are implemented in the provided scripts to delimit scraped content from agent instructions.
  - Capability inventory: The skill has network access for crawling, file system access for saving markdown and JSON results, and the ability to execute JavaScript in the browser.
  - Sanitization: Basic filename sanitization is implemented in batch_crawler.py, but there is no evidence of content sanitization to prevent prompt injection.
- COMMAND_EXECUTION (LOW): The tests/run_all_tests.py script uses subprocess.run to execute local Python test files. This is standard behavior for a test suite but constitutes local command execution.
Audit Metadata