writing-assistance-apis

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local script scripts/find-writing-assistance-targets.mjs to inventory the workspace and identify frontend files suitable for API integration. The script performs read-only file system operations using the Node.js runtime.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the @types/dom-chromium-ai npm package to provide TypeScript definitions for the experimental browser APIs. This is a standard development dependency.
  • [PROMPT_INJECTION]: The skill implements APIs designed to process untrusted data, such as web page content and user input, which presents an indirect prompt injection surface.
  • Ingestion points: Data is ingested from the browser environment (e.g., article.innerText) as shown in references/examples.md and SKILL.md Step 4.
  • Boundary markers: No explicit delimiters are used in the examples, though the skill provides guidance on data handling.
  • Capability inventory: The skill utilizes the browser's built-in Summarizer, Writer, and Rewriter APIs. These operate within the browser sandbox and do not have access to the underlying operating system or file system.
  • Sanitization: Step 4.3 of the procedures in SKILL.md explicitly instructs to "Strip or normalize HTML before summarization or rewriting" to mitigate issues with rendered content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 12:46 AM
Security Audit — agent-trust-hub — writing-assistance-apis