crawl4ai

Fail

Audited by Snyk on Jun 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes explicit examples of API tokens, proxy credentials, and login passwords embedded directly into config files and YAML (e.g., api_token: "your-token", proxy username/password, js_code with password), which would require the agent to accept, store, or emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.95). The skill’s runtime crawl path fetches arbitrary public web pages/URLs and converts their HTML into markdown (e.g., crwl <url> / AsyncWebCrawler.arun(url)result.markdown), so outsider-authored free text from those pages is ingested into the agent’s LLM context via the produced markdown/content.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the entire skill documentation for high-entropy, literal credentials.

Flagged:

  • Found a high-entropy API token: gsk_1ClHGGJ7Lpn4WGybR7vNWGdyb3FY7zXEw3SCiy0BAVM9lL8CQv This appears in the LLMConfig / Complete SDK Reference examples (LLMConfig section). It is long, random-looking, and uses a "gsk_" prefix consistent with real API tokens — not a generic placeholder — so it meets the definition of a secret.

Ignored items (not flagged) and why:

  • "sk-YOUR_API_KEY", "your-token", "your-api-token", "sk-YOUR_API_KEY", "your-openai-token" etc. — documentation placeholders (explicitly example values).
  • "user", "pass" and similar short strings used in examples (proxy_config, login examples) — low-entropy setup/example values.
  • Environment variable references like "env:GEMINI_API_TOKEN" or os.getenv("OPENAI_API_KEY") — names only, no secret value present.
  • Any truncated/redacted forms or clearly labeled sample values — treated as placeholders per the rules.

Because the gsk_... string is a complete, high-entropy token and not marked as a placeholder, I mark it as a real secret present in the documentation.

Issues (3)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W008
HIGH

Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 13, 2026, 02:12 AM
Issues
3
Security Audit — snyk — crawl4ai