xcrawl-map

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Executes curl and node commands via the Bash tool to perform API requests to the XCrawl service.
  • [DATA_EXFILTRATION]: Accesses the local configuration file at ~/.xcrawl/config.json to read the user's XCRAWL_API_KEY for authentication.
  • [EXTERNAL_DOWNLOADS]: Communicates with the external API at https://run.xcrawl.com to perform URL mapping tasks.
  • [DATA_EXFILTRATION]: Sends the retrieved API key in the Authorization header to the external XCrawl service as part of the request flow.
  • [INDIRECT_PROMPT_INJECTION]: Ingests and returns raw data from an external API, creating a surface for potential indirect instructions.
    • Ingestion points: Data returned from the https://run.xcrawl.com/v1/map endpoint.
    • Boundary markers: Absent; the skill is designed to return raw upstream API responses.
    • Capability inventory: Uses the Bash tool for curl and node command execution.
    • Sanitization: Absent; the skill performs raw passthrough of the API response body.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 10:00 AM