webcrawler-deep-crawl

Fail

Audited by Snyk on Jul 9, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The Skill explicitly tells the agent to extract and emit per-page content verbatim (equivalent to copy‑paste) — including text/html/markdown records written to disk — which could capture and output any secrets that appear on pages (API keys, tokens, cookies, passwords) and therefore requires the LLM to handle/output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Yes—during the required BFS crawl, the skill navigates to outsider-controlled public pages (including URLs discovered from outsider-authored llms.txt/sitemap.xml), then scripts/extract-page-content.py reads the rendered page’s DOM text/HTML/metadata and returns it as text/markdown/html, which the agent then emits into LLM-ready context (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The scripts discover-llms-txt.py and discover-sitemap.py perform runtime fetches of {origin}/llms.txt and {origin}/sitemap.xml (e.g., fetch(url, {credentials: 'include'}) in scripts/discover-llms-txt.py and scripts/discover-sitemap.py) and the fetched URL lists are parsed and directly used to control the agent's crawl queue (which pages to visit), so these runtime-fetched URLs directly control agent behavior.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
HIGH
Analyzed
Jul 9, 2026, 11:21 AM
Issues
3
Security Audit — snyk — webcrawler-deep-crawl