page-langs
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the
cld3-asmpackage from the NPM registry. This package is a well-known library for language detection and is sourced from a standard public registry. - [COMMAND_EXECUTION]: The workflow executes
playwright-clito interact with webpages andnodeto run the skill's logic scripts (collect.jsanddetect.mjs). These commands are used to process the target URL and write the results to a local output directory. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted text from external websites.
- Ingestion points: The
scripts/collect.jsscript extracts the full visible text content from the target URL's DOM. - Boundary markers: The extracted text is written to the
langs.jsonoutput file and summarized in the console without specific delimiters or warnings to prevent the agent from interpreting embedded text as instructions. - Capability inventory: The skill itself does not have high-privilege capabilities (like arbitrary command execution or network exfiltration) that use the ingested data; however, the agent reading the skill's output might be influenced by instructions found on the webpage.
- Sanitization: No filtering or sanitization is performed on the webpage text before it is presented to the agent or output to the file system.
Audit Metadata