skills/adobe/skills/cdp-connect/Gen Agent Trust Hub

cdp-connect

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script to interact with the browser and performs file system operations.
  • Evidence: The script scripts/cdp.js uses fs.writeFileSync in the cmdScreenshot function to save browser captures to a user-provided file path.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion of untrusted external content from browser sessions.
  • Ingestion points: The ax-tree, dom, console, and network commands in scripts/cdp.js extract data (DOM structure, accessibility tree, and logs) from the current web page.
  • Boundary markers: The SKILL.md file includes an "External content warning" explicitly advising the agent to treat outputs from external sources with skepticism and to seek user confirmation before acting on instructions found within them.
  • Capability inventory: The skill provides powerful capabilities including navigating to arbitrary URLs, executing arbitrary JavaScript in the browser context via eval, and writing files to the disk.
  • Sanitization: The script mitigates injection from the agent into the browser by using JSON.stringify to escape arguments used in browser-side selectors and script execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 09:03 AM
Security Audit — agent-trust-hub — cdp-connect