audit-website
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The documentation describes an indirect prompt injection vector by design. The tool crawls untrusted external websites and generates a report intended for direct AI consumption.
  - Ingestion points: External content from audited URLs, such as meta tags and site descriptions, is ingested into the LLM context.
  - Boundary markers: The format uses XML tags and claimed character escaping (e.g., &, <), which provide structure but may be insufficient against adversarial instructions aimed at hijacking the LLM.
  - Capability inventory: The tool provides 'Fix' recommendations; if a downstream agent is tasked with applying these fixes, an attacker could trigger unintended system changes by poisoning the website's metadata.
  - Sanitization: Implementation details for sanitizing crawled content are referenced (llm.ts), but the code is not included in the provided files for verification.
Audit Metadata