crawl4ai
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to execute shell commands for installation and environment setup, including
pip install crawl4aiandcrawl4ai-setup. These are standard procedures for the documented tool. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of the
crawl4aiPython package from the official PyPI registry. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external websites via the
AsyncWebCrawler.arunmethod. This creates a surface for indirect prompt injection attacks where malicious instructions embedded in a crawled webpage could influence the agent's subsequent actions. - Ingestion points: Web content retrieved via
crawler.arun(url=...)in SKILL.md. - Boundary markers: None explicitly defined in the provided instructions to isolate crawled content from agent instructions.
- Capability inventory: Includes network access (crawling), shell command execution (
pip install), and potential file system interactions through the mentioned RAG indexing workflow. - Sanitization: No explicit sanitization or validation of the crawled content is described in the skill.
Audit Metadata