extract
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes untrusted content from external websites (headings, text, metadata) using an LLM to identify page types and design modules, creating a risk of indirect prompt injection.
- Ingestion points: HTML content is fetched from external URLs provided as input and stored in "stardust/current/pages/".
- Boundary markers: There are no explicit delimiters or specific instructions to the LLM to ignore commands that may be embedded in the extracted site content.
- Capability inventory: The agent has access to the host shell via "npx playwright" and the ability to write files to the local directory.
- Sanitization: No sanitization or escaping of the crawled content is described before it is processed by the LLM.
- [COMMAND_EXECUTION]: The skill uses the shell to execute "npx playwright" for browser automation. This is a core functionality required to crawl and render the target websites.
- [EXTERNAL_DOWNLOADS]: The skill downloads brand assets such as images, logos, and font files from the target website's origin to the local "stardust/current/assets/" directory. This is expected behavior for its stated purpose.
Audit Metadata