Skills
skills/xcrawl-api/xcrawl-skills/xcrawl-crawl/Gen Agent Trust Hub

xcrawl-crawl

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses node -e to execute dynamic JavaScript snippets that read the XCRAWL_API_KEY from a local file (~/.xcrawl/config.json) and parse JSON data from API responses.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to the vendor's API at run.xcrawl.com and directs users to dash.xcrawl.com for account and credit management.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it retrieves raw content from arbitrary external websites and returns it to the agent without sanitization or boundary delimiters.
  • Ingestion points: Data is ingested through the GET /v1/crawl/{crawl_id} endpoint, which returns the results of crawled pages.
  • Boundary markers: There are no explicit delimiters or system instructions to the agent to treat the crawled content as untrusted or to ignore instructions embedded within it.
  • Capability inventory: The skill allows the agent to execute shell commands (via curl and node) and perform file system operations (Read, Write, Edit, Grep).
  • Sanitization: The skill does not perform any validation, escaping, or filtering of the external content before delivering it to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 10:00 AM