crawl4ai

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a test suite runner (tests/run_all_tests.py) that executes Python scripts in the local environment using subprocess.run. This execution is restricted to the skill's own bundled test files.
  • [DYNAMIC_EXECUTION]: The skill provides advanced features for executing JavaScript within a browser environment through configuration parameters like js_code and init_scripts. This functionality is essential for its primary purpose of interacting with dynamic web content and navigating bot detection mechanisms.
  • [INDIRECT_PROMPT_INJECTION]: As a web retrieval tool, the skill ingests untrusted data from external websites. This introduces a surface for indirect prompt injection where malicious website content could attempt to influence the AI agent's behavior. This is an inherent risk of all web-scraping activities and is mitigated by the skill's conversion of content into structural markdown.
  • Ingestion points: External URLs processed by scripts in the scripts/ directory.
  • Boundary markers: Content is formatted as Markdown, providing structural separation between page content and agent instructions.
  • Capability inventory: File system writes (output.md, products.json), network access (scraping), and browser-side JavaScript execution.
  • Sanitization: Content is converted to cleaned Markdown before being returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:51 AM
Security Audit — agent-trust-hub — crawl4ai