skills/adobe/skills/distill/Gen Agent Trust Hub

distill

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it extracts verbatim text (headlines, paragraphs, CTAs, and navigation labels) from untrusted external sources (static files and live URLs) and incorporates them into a narrative brief (SAMPLES.md) used by downstream agent skills. There is no explicit sanitization or use of robust boundary markers to prevent malicious text within a sample site from influencing the AI's behavior when it later reads the generated brief.
  • Ingestion points: Local files in samples/static/ and external websites listed in samples/live/urls.json.
  • Boundary markers: The SAMPLES.md format utilizes standard Markdown headers and tables but does not define specific delimiters or instructions to ignore potential commands embedded in the extracted content.
  • Capability inventory: The skill performs file system write operations (SAMPLES.md, trait-matrix.json, state.json) and network fetching.
  • Sanitization: The skill captures verbatim text from the DOM without documented filtering or escaping.
  • [EXTERNAL_DOWNLOADS]: The skill uses Playwright to fetch and render live websites specified by the user. This involves standard network operations to download HTML content and associated assets for analysis.
  • [COMMAND_EXECUTION]: The skill executes npx playwright to perform browser-based rendering and style extraction. This is a legitimate use of a technology tool required for the skill's stated purpose of analyzing website designs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 11:50 PM
Security Audit — agent-trust-hub — distill