skills/adobe/skills/page-langs/Gen Agent Trust Hub

page-langs

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the cld3-asm package from the NPM registry. This package is a well-known library for language detection and is sourced from a standard public registry.
  • [COMMAND_EXECUTION]: The workflow executes playwright-cli to interact with webpages and node to run the skill's logic scripts (collect.js and detect.mjs). These commands are used to process the target URL and write the results to a local output directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted text from external websites.
  • Ingestion points: The scripts/collect.js script extracts the full visible text content from the target URL's DOM.
  • Boundary markers: The extracted text is written to the langs.json output file and summarized in the console without specific delimiters or warnings to prevent the agent from interpreting embedded text as instructions.
  • Capability inventory: The skill itself does not have high-privilege capabilities (like arbitrary command execution or network exfiltration) that use the ingested data; however, the agent reading the skill's output might be influenced by instructions found on the webpage.
  • Sanitization: No filtering or sanitization is performed on the webpage text before it is presented to the agent or output to the file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 09:02 AM
Security Audit — agent-trust-hub — page-langs