crawl-site
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary purpose is to ingest and summarize untrusted content from the web, which is a classic vector for indirect prompt injection.
- Ingestion points: Data enters the agent via `start_crawl` and subsequent processing of the downloaded site content.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the crawled content are mentioned in the workflow.
- Capability inventory: The skill has the capability to read full site trees and report summarized results to the user/agent.
- Sanitization: There is no evidence of sanitization or filtering of the HTML/text content before it is processed by the agent.
- Data Exposure & Exfiltration (SAFE): While the skill documentation mentions `customCookies` and `customHeaders` for authentication, no hardcoded secrets or exfiltration patterns were detected. These are presented as configuration options for the user.
Audit Metadata