skills/adobe/skills/diff/Gen Agent Trust Hub

diff

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Node.js scripts that automate browser sessions using Playwright. These scripts implement specialized bot-evasion techniques, such as spoofing user agents and navigator properties, to navigate websites protected by edge security services like Akamai or Cloudflare.
  • [EXTERNAL_DOWNLOADS]: The tool requires the installation of the playwright library from the public npm registry to perform its browser-based analysis tasks.
  • [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by ingesting and analyzing content from arbitrary external URLs.
  • Ingestion points: External web content is loaded via Playwright in the content-diff.mjs and visual-diff.mjs scripts.
  • Boundary markers: No explicit markers or instructions are used to delimit the external content within the agent's context.
  • Capability inventory: The skill can automate browsers, write screenshots to the local file system, and output data to the console.
  • Sanitization: No sanitization or filtering is performed on the ingested page content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 06:41 AM
Security Audit — agent-trust-hub — diff