crawl4ai

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets verbatim (e.g., api_token: "your-token", plaintext username/password in login_crawler.yml and proxy_config, and JS setting password values), which instructs the agent to handle and potentially output credential values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly crawls and ingests arbitrary public web content (e.g., via the crwl CLI and AsyncWebCrawler.arun/arun_many calls and example scripts like scripts/google_search.py and scripts/extraction_pipeline.py), then reads/parses that HTML/markdown/extracted content and even feeds it to LLM-based extraction/Q&A, which exposes the agent to untrusted third‑party content that could enable indirect prompt injection.