block-collection-and-party
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill fetches HTML and JSON from adobe.aem.live and aem.live, creating an indirect prompt injection surface.
- Ingestion points: get-block-structure.js and search-block-party.js retrieve data from external web sources.
- Boundary markers: None present to delimit external content for the agent.
- Capability inventory: Network GET operations and local file writes (caching) are the primary capabilities.
- Sanitization: No sanitization is performed on the natural language content of fetched data.
- EXTERNAL_DOWNLOADS (LOW): The skill defines a dependency on jsdom and performs remote data fetches from trusted Adobe and GitHub repositories.
- DATA_EXFILTRATION (LOW): Network access to aem.live is present but no sensitive local data exposure was identified.
Audit Metadata