docs-crawler
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/crawl/fetch-page.ts utilizes node:child_process.spawnSync to execute npx playwright install chromium. This action is triggered only when the required browser binaries are missing, ensuring the crawler can handle JavaScript-rendered content.
- [EXTERNAL_DOWNLOADS]: The skill performs automated downloads of HTML and image assets from user-provided URLs. It uses the fetch API for static content and image localization, as seen in scripts/crawl/fetch-page.ts and scripts/crawl/images.ts.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the installation of the Chromium browser through the trusted npx package runner. This process downloads and executes binaries from official sources to support the playwright rendering engine.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from processed websites. It mitigates this risk by using @mozilla/readability to extract only main content and turndown for sanitization, as implemented in scripts/crawl/extract.ts.
  Mandatory Evidence Chain (Indirect Prompt Injection):
  - Ingestion points: fetchStatic and fetchRendered in scripts/crawl/fetch-page.ts.
  - Boundary markers: Absent in the corpus markdown output.
  - Capability inventory: File system writes and subprocess execution across multiple scripts.
  - Sanitization: Use of Readability and Turndown in scripts/crawl/extract.ts to filter external content.