page-collect
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest untrusted data from external websites.
- Ingestion points: The
page-collect-bundle.jsscript extractsdocument.title, metadata tags, and visible body text from arbitrary URLs. - Boundary markers: Extracted data is written to structured JSON files (
metadata.json,text.json), but the individual string values within these files are raw and do not contain internal delimiters or 'ignore' instructions. - Capability inventory: The skill can execute shell commands via
playwright-cliand write files to the local filesystem usingnode:fs(found inscripts/page-collect.js). - Sanitization: The icon collector performs regex-based optimization on SVG content, but general text and metadata extraction does not perform sanitization of the scraped content. The skill provides an 'External content warning' in the documentation.
- [COMMAND_EXECUTION]: The skill executes the
playwright-clitool to interact with the browser and perform extraction. - Evidence:
spawnSync('playwright-cli', ...)is used inscripts/page-collect.jsto open target URLs and run extraction logic. The skill supports bothhttp(s)://andfile://protocols, the latter allowing the tool to be used for auditing local files. - [EXTERNAL_DOWNLOADS]: The browser-side bundle performs network requests to resolve remote assets.
- Evidence: The
resolveImgSvgfunction inscripts/page-collect-bundle.jsuses the browser'sfetch()API to download SVG image data from external sources during the icon collection process.
Audit Metadata