skills/adobe/skills/page-reduce/Gen Agent Trust Hub

page-reduce

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Navigates to user-provided URLs to retrieve structural data. This is the documented primary purpose of the skill.
  • [COMMAND_EXECUTION]: Executes playwright-cli to perform browser automation tasks and runs temporary bootstrap scripts to extract page metadata.
  • [PROMPT_INJECTION]: Evaluated for indirect prompt injection risk as the skill processes untrusted webpage content.
  • Ingestion points: Raw HTML and text content from the target URL in Step 3.
  • Boundary markers: Replaces webpage content with semantic tokens (e.g., {TEXT}, {HEADING:n}, {CTA:label}) before Phase 2 processing, providing a layer of abstraction.
  • Capability inventory: Executes shell commands (playwright-cli), creates temporary files in /tmp, and writes output files (skeleton.html and manifest.json).
  • Sanitization: The injected JavaScript bundle performs extensive DOM cleaning, removing <script>, <style>, <meta>, and tracking attributes, and stripping styling tags before tokenization.
  • [SAFE]: The injected JavaScript bundle (scripts/page-reduce-bundle.js) is distributed with the skill and originates from the vendor's internal project for structural analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 09:03 AM
Security Audit — agent-trust-hub — page-reduce