clone-website
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it crawls untrusted external websites and directly uses the extracted content to guide the automated generation of React components.
- Ingestion points: Untrusted text, layout data, and attributes are ingested from target URLs via Chrome MCP.
- Boundary markers: There are no explicit markers or instructions telling sub-agents to disregard instructions embedded in the target website's text.
- Capability inventory: The skill possesses the capability to write files to the local source directory and execute shell commands via npm and npx.
- Sanitization: No sanitization of the scraped website content is performed before it is passed to the builder agents.
- [COMMAND_EXECUTION]: The skill executes several build and verification commands locally.
- Evidence: The instructions require running `npm run build` and `npx tsc --noEmit` at multiple stages of the cloning process.
- [EXTERNAL_DOWNLOADS]: The skill performs automated downloads of remote assets.
- Evidence: It uses a script through Chrome MCP to enumerate and batch-download images, videos, and SVGs from the target URL.
Audit Metadata