crawl4ai
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the installation of the 'crawl4ai' library from the official PyPI registry, which is an established and recognized open-source tool for web scraping and data extraction.
- [SAFE]: Documentation examples for authentication and proxy configuration use safe, non-sensitive placeholders like 'your-token', 'user', and 'pass', adhering to secure coding and documentation standards.
- [SAFE]: The skill utilizes JavaScript execution ('js_code') to process dynamic website content; this execution is confined to the context of the crawled browser instance and does not pose a direct threat of command execution on the agent's host environment.
- [SAFE]: The skill ingest data from external websites, creating a standard surface for indirect prompt injection. * Ingestion points: Web content is retrieved through 'crwl' CLI commands and the 'AsyncWebCrawler' Python SDK. * Boundary markers: No specific delimiters are defined in the provided examples to segregate untrusted content from agent instructions. * Capability inventory: The skill focuses on data crawling and transformation into markdown; it does not grant the ingested data access to high-privilege system operations or arbitrary code execution. * Sanitization: The library provides built-in markdown generation and content filtering strategies (e.g., BM25) to normalize and clean retrieved web data.
Audit Metadata