clone-website
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently executes shell commands to maintain the build environment, specifically 'npm run build' and 'npx tsc --noEmit'. It also generates and executes a custom Node.js script ('scripts/download-assets.mjs') to handle the retrieval of site resources.
- [EXTERNAL_DOWNLOADS]: The skill's primary function involves connecting to arbitrary third-party URLs provided in arguments. It programmatically downloads various assets, including images, videos, and fonts, to the local 'public/' directory using automated scripts.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection as it is designed to ingest and process text, metadata, and component structures from untrusted external websites.
  - Ingestion points: Browser MCP scraping content from the user-provided target URL ($ARGUMENTS).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or isolate embedded instructions within the scraped website data.
  - Capability inventory: The agent has the authority to write files to the project directory, execute shell commands, and perform network requests.
  - Sanitization: There is no evidence of content sanitization or validation of the text extracted from the target DOM before it is processed by the LLM or written to local files.
- [DYNAMIC_EXECUTION]: The skill employs dynamic code generation by creating a JavaScript-based asset discovery routine and a separate Node.js script for resource downloading. These scripts are constructed and executed at runtime based on the state of the target website.
Audit Metadata