skill-browser-crawl
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites.
- Ingestion points: Web content is fetched in scripts/basic_crawl.py (line 103) and scripts/deep_crawl.py (line 173) via the crawl4ai library.
- Boundary markers: The scripts do not implement clear boundary markers or instructions to prevent the agent from following commands embedded in the crawled content.
- Capability inventory: The skill can perform network requests and write files to the local filesystem.
- Sanitization: There is no evidence of sanitization or filtering of the Markdown content extracted from web pages.
- [COMMAND_EXECUTION]: The skill uses `uv run` to execute local Python scripts. The `scripts/deep_crawl.py` script generates output file paths using URL path segments (`self.output_dir / f"{path}.md"`). Because it only performs simple stripping of slashes, it may be vulnerable to a path traversal attack if a malicious starting URL with directory traversal sequences is provided.
- [EXTERNAL_DOWNLOADS]: The skill specifies `crawl4ai` as a dependency, which is a legitimate third-party library for web crawling and is installed from the standard Python package registry.
Audit Metadata