web-clone
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a suite of Node.js scripts (
.mjs) designed to initialize clone workspaces, audit code for tracking scripts, and perform technical teardowns. These scripts are invoked via the command line and interact with the local filesystem to store cloned data and generated reports. - [EXTERNAL_DOWNLOADS]: Scripts such as
asset-harvest.mjsandmirror-site.mjsperform network requests to download images, stylesheets, scripts, and other assets from user-specified websites. By default, downloads are scoped to the origin hostname to prevent unintended cross-site fetches. - [REMOTE_CODE_EXECUTION]: Several reconnaissance scripts (
recon-site.mjs,interaction-probe.mjs,route-crawl.mjs) use Playwright to navigate to and render external websites. This process executes the target website's JavaScript within a controlled browser environment to analyze its runtime behavior and visual structure. - [DATA_EXFILTRATION]: While the skill primarily downloads data from websites, the
network-capture.mjsscript records XHR and fetch responses from the target site and saves them as local fixtures. This allows for the capture of dynamic data and API responses for local study and reconstruction. - [INDIRECT_PROMPT_INJECTION]: As the skill is designed to ingest and process data from arbitrary websites (including HTML, metadata, and script content), it possesses an attack surface for indirect prompt injection. A malicious website could contain hidden instructions intended to influence the agent's analysis or output when the skill is used to clone that specific site.
Audit Metadata