clone-website
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the `agent-browser` CLI tool globally via NPM if it is not detected on the host system.
- [COMMAND_EXECUTION]: The workflow relies on executing several shell commands to drive the browser, manage the Node.js project, and download assets, including `agent-browser`, `npm`, `node`, and `curl`.
- [EXTERNAL_DOWNLOADS]: The skill downloads arbitrary files (images, videos, fonts) from user-provided target URLs. It also incorporates well-known services such as Google Fonts and Unsplash for typography and fallback imagery.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from scraped websites without explicit protection against instructions embedded in the target content.
- Ingestion points: Scraped HTML, text, and metadata from the target URL provided by the user via `agent-browser`.
- Boundary markers: The instructions do not define clear boundaries or 'ignore' directives to separate the extracted data from the agent's logic.
- Capability inventory: The agent has permissions to write files to the project directory, execute shell commands, and create git worktrees.
- Sanitization: No explicit sanitization or validation of the scraped web content is performed before it is used for code generation or component specification.
Audit Metadata