crawl4ai-openrouter
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions and a helper script (`scripts/crawl4ai_extract.py`) meant to be executed via a Python interpreter. This includes running a web crawler (Crawl4AI) and performing data extraction.
- [EXTERNAL_DOWNLOADS]: The `references/setup.md` file instructs the user to install the `crawl4ai` package via pip and potentially download browser assets (Playwright) required for the crawler to function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from external URLs provided by the user. This data is then processed by an LLM extraction strategy.
  - Ingestion points: Web content is fetched via `AsyncWebCrawler.arun(url=args.url)` in `scripts/crawl4ai_extract.py`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the fetched HTML/Markdown are present in the extraction strategy configuration.
  - Capability inventory: The skill has network access (to crawl sites and connect to OpenRouter API) and file-read access (to load schemas).
  - Sanitization: There is no evidence of sanitization or filtering of the crawled web content before it is passed to the LLM via the `LLMExtractionStrategy`.
Audit Metadata