crawl4ai
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a test suite runner (
tests/run_all_tests.py) that executes Python scripts in the local environment usingsubprocess.run. This execution is restricted to the skill's own bundled test files. - [DYNAMIC_EXECUTION]: The skill provides advanced features for executing JavaScript within a browser environment through configuration parameters like
js_codeandinit_scripts. This functionality is essential for its primary purpose of interacting with dynamic web content and navigating bot detection mechanisms. - [INDIRECT_PROMPT_INJECTION]: As a web retrieval tool, the skill ingests untrusted data from external websites. This introduces a surface for indirect prompt injection where malicious website content could attempt to influence the AI agent's behavior. This is an inherent risk of all web-scraping activities and is mitigated by the skill's conversion of content into structural markdown.
- Ingestion points: External URLs processed by scripts in the
scripts/directory. - Boundary markers: Content is formatted as Markdown, providing structural separation between page content and agent instructions.
- Capability inventory: File system writes (
output.md,products.json), network access (scraping), and browser-side JavaScript execution. - Sanitization: Content is converted to cleaned Markdown before being returned to the agent context.
Audit Metadata