web-scanning
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and run@axe-core/cli,capture-website-cli, andplaywrightfrom the npm registry. It also usescurlto fetch sitemaps and web content from external URLs for auditing purposes. - [COMMAND_EXECUTION]: The skill provides command templates to execute shell operations for web scanning, screenshot capture, and data parsing using
grep. It includes the--no-sandboxflag for Chrome, which is standard for containerized environments but reduces browser isolation. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting untrusted data from the web. \n
- Ingestion points: Fetches and processes external site data via
curland link crawling. \n - Boundary markers: Does not specify the use of delimiters or clear separation between retrieved web content and the agent's instructions. \n
- Capability inventory: Has the ability to execute shell commands (
npx), write files to the workspace (--save), and perform network requests. \n - Sanitization: Implements basic filtering of URLs based on extensions (e.g., skipping
.zip,.pdf) but lacks content-level sanitization for the retrieved HTML or text.
Audit Metadata