clone-website
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from external websites via Firecrawl to generate code, creating an attack surface where malicious content on a target site could influence the agent's code generation.
- Ingestion points: External URLs are scraped using the
firecrawl-mcp___firecrawl_scrapetool as defined in Phase 1 ofSKILL.md. - Boundary markers: The skill implements a mandatory 'Phase 2: Analysis' where a report based on
references/analysis-template.mdmust be approved by the user before code is generated. While this provides a human-in-the-loop checkpoint, there are no explicit instructions for the agent to ignore hidden commands within the scraped HTML/Markdown. - Capability inventory: The skill can create a full Next.js project structure, write multiple code files (
app/page.tsx,components/landing/*.tsx), and perform network requests to download images viafetchas specified in the Image Handling section ofSKILL.md. - Sanitization: There is no explicit sanitization or filtering of the scraped content mentioned in the instructions before it is used for component generation.
- [EXTERNAL_DOWNLOADS]: The skill fetches images from arbitrary URLs discovered during the scraping process. It also uses Unsplash as a fallback service, which is a well-known and reputable image provider.
- [COMMAND_EXECUTION]: The documentation in
references/tech-stack.mdreferences the use ofnpx shadcn@latest addto install UI components. These are standard commands for the referenced technology stack and represent intended developer workflow rather than malicious execution.
Audit Metadata