crawl4ai

Fail

Audited by Snyk on Feb 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt includes examples that place API tokens, proxy credentials, and site login passwords directly in config files and scripts (e.g., api_token: "your-token", proxy username/password, JS login values), which encourages the LLM or user to embed secret values verbatim into generated configs/commands and thereby creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly fetches and processes arbitrary public web content (e.g., CLI "crwl ", AsyncWebCrawler.arun/arun_many in the Python SDK, scripts/batch_crawler.py and extraction_pipeline.py), then feeds the untrusted HTML/markdown into markdown generation, LLM extraction and Q&A workflows, which exposes the agent to potential indirect prompt injection from user-provided or public sites.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:55 PM