clone-website
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill downloads images from Unsplash and uses Firecrawl to scrape website data. These are known services and the skill uses them according to its stated purpose.
- [COMMAND_EXECUTION] (LOW): The skill suggests running `npx shadcn@latest add ...` to install UI components. While standard for Next.js development, installing packages based on external scraping results is a minor risk.
- [INDIRECT PROMPT INJECTION] (LOW): The skill's primary function is to ingest data from an attacker-controlled website (via Firecrawl) and interpolate that data into code generation prompts.
  - Ingestion points: `firecrawl-mcp___firecrawl_scrape` in `SKILL.md` phase 1.
  - Boundary markers: Present. The skill uses a mandatory Phase 2 analysis step where the user must review and confirm the extracted data before code generation occurs.
  - Capability inventory: File writing (`app/`, `components/`, `public/images/`) and package installation (`npx shadcn`).
  - Sanitization: Not explicitly defined in instructions beyond the 'Analysis Template' review by the user. An attacker could embed malicious instructions in the HTML of a site meant to be 'cloned' to influence the generator's behavior.
Audit Metadata