crawl-cli
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from the web.
- Ingestion points: External content is fetched and processed through `page.content()` and `page.evaluate()` in `lib/scraper.ts` and `lib/crawler.ts`.
- Boundary markers: The code snippets do not include explicit delimiters or system instructions to ignore embedded commands within the scraped HTML content.
- Capability inventory: The skill enables browser automation (Playwright), network requests to arbitrary URLs, and data extraction functionality.
- Sanitization: There is no evidence of sanitization or filtering applied to the extracted web content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to install the `playwright` package and Chromium browser via `npm` and `npx`. These are standard dependencies for browser automation and are sourced from Microsoft, a trusted organization.
Audit Metadata