xcrawl
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes inline Node.js scripts via 'node -e' to read local configuration files and parse JSON output from API responses.
- [DATA_EXFILTRATION]: The skill reads the sensitive local configuration file at '~/.xcrawl/config.json' to retrieve the XCRAWL_API_KEY and transmits it in the Authorization header to the vendor's API endpoint at 'run.xcrawl.com'.
- [EXTERNAL_DOWNLOADS]: The skill uses 'curl' and 'node' to fetch content from the external domain 'run.xcrawl.com' and any user-specified URLs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted data from external websites.
- Ingestion points: Scraped content from user-provided URLs is retrieved through the 'v1/scrape' endpoint.
- Boundary markers: Absent; instructions direct the agent to return the raw response body as-is without delimiters or warnings.
- Capability inventory: The skill possesses broad tool permissions including Bash (curl/node), Read, Write, Edit, and Grep.
- Sanitization: Absent; there is no validation or filtering of content retrieved from external sites before it is passed to the agent.
- [SAFE]: The API's default configuration includes 'skip_tls_verification: true', which is a security best practice violation that increases susceptibility to man-in-the-middle attacks.
Audit Metadata