ljg-card
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Node.js script (assets/capture.js) which launches a Chromium browser via Playwright. This execution path is necessary for the skill's primary function but grants the agent the ability to run arbitrary browser-based code.
- [EXTERNAL_DOWNLOADS]: The skill requires the playwright Node.js package and its associated browser binaries. If these are missing, the skill's instructions suggest using npm install and npx playwright install, which fetches code from external registries.
- [DATA_EXFILTRATION]: The skill is vulnerable to Indirect Prompt Injection. It processes untrusted data (from user input or external URLs via WebFetch) and injects it into HTML templates that are rendered locally using the file:// protocol. A malicious payload could use JavaScript to read local sensitive files and attempt to exfiltrate them.
  - Ingestion points: User-pasted text, content from external URLs via WebFetch, and local file paths as specified in SKILL.md.
  - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore embedded instructions or scripts in the processed content.
  - Capability inventory: The skill uses assets/capture.js to launch a browser that renders HTML from local paths, providing a bridge between untrusted content and the local filesystem.
  - Sanitization: Absent. There is no requirement for the agent to sanitize, escape, or validate the content before it is embedded into the HTML templates for rendering.
Audit Metadata