copy-web
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of processing untrusted web content.
- Ingestion points: Fetches and analyzes HTML, CSS, and API interaction data from arbitrary, user-provided URLs using the
browser-usetool. - Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores or sanitizes instructions that might be embedded within the target website's content.
- Capability inventory: The agent is empowered to generate a complete monorepo, including frontend components, backend controllers, and infrastructure configuration files.
- Sanitization: The skill does not define a process for sanitizing or validating ingested data before it is incorporated into the generated application code.
- [EXTERNAL_DOWNLOADS]: The skill uses
browser-useto fetch and download data from remote servers, including page screenshots and network request patterns.
Audit Metadata