clone-website
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to build and verify the cloned project, including npm run build, npx tsc --noEmit, and the execution of a dynamically created Node.js asset download script.
- [EXTERNAL_DOWNLOADS]: It identifies and downloads remote assets such as images, videos, and fonts from the target URL provided by the user to the local filesystem.
- [REMOTE_CODE_EXECUTION]: The skill scrapes logic, structure, and content from a remote website and uses it to generate local source code and scripts which are then executed or compiled within the user's environment.
- [PROMPT_INJECTION]: The skill processes untrusted web data via browser automation to drive the generation of code and specifications, presenting a surface for indirect prompt injection.
  - Ingestion points: Data enters the system via browser MCP tool access to the user-supplied target URL.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the extracted content when passed to builder agents.
  - Capability inventory: The skill has file system access, the ability to write code, and the capability to execute shell commands.
  - Sanitization: There is no documented validation or sanitization process for the text and CSS content extracted from the target website before it is used in code generation.