webcrawler-deep-crawl
Fail
Audited by Snyk on Jul 9, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The Skill explicitly tells the agent to extract and emit per-page content verbatim (equivalent to copy‑paste) — including text/html/markdown records written to disk — which could capture and output any secrets that appear on pages (API keys, tokens, cookies, passwords) and therefore requires the LLM to handle/output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). Yes—during the required BFS crawl, the skill navigates to outsider-controlled public pages (including URLs discovered from outsider-authored
llms.txt/sitemap.xml), thenscripts/extract-page-content.pyreads the rendered page’s DOM text/HTML/metadata and returns it astext/markdown/html, which the agent then emits into LLM-ready context (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The scripts discover-llms-txt.py and discover-sitemap.py perform runtime fetches of {origin}/llms.txt and {origin}/sitemap.xml (e.g., fetch(url, {credentials: 'include'}) in scripts/discover-llms-txt.py and scripts/discover-sitemap.py) and the fetched URL lists are parsed and directly used to control the agent's crawl queue (which pages to visit), so these runtime-fetched URLs directly control agent behavior.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata