cloning-websites-to-weaverse
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the Firecrawl CLI to fetch content from external URLs provided by the user during the scraping and crawling phases.
- [COMMAND_EXECUTION]: The skill workflow involves executing shell commands to scrape websites and manages the creation and deletion of local project files.
- Evidence: Steps 3 and 4 execute firecrawl commands. Step 7 involves generating a new Hydrogen route at app/routes/clone-preview.$page.tsx based on scraped content.
- Mitigation: A mandatory user approval checkpoint is defined in Step 8, requiring the user to verify the generated preview route before the agent proceeds to section decomposition.
- [PROMPT_INJECTION]: The skill processes untrusted data from the web (HTML and Markdown), which presents an indirect prompt injection surface where malicious instructions hidden in a source website could attempt to influence the agent's code generation logic.
- Ingestion points: Data enters the agent's context via Firecrawl scrape output (SKILL.md Step 3 and 4).
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the scraped content.
- Capability inventory: The skill possesses file-write capabilities (app/routes/clone-preview.$page.tsx) and network access.
- Sanitization: No explicit sanitization or filtering of the scraped content is documented before it is interpolated into the React route generation logic.
Audit Metadata