Skills
skills/regexboi/skillz/on511-route-monitor/Gen Agent Trust Hub

on511-route-monitor

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill installs the playwright package and browser binaries. Playwright is a trusted dependency maintained by Microsoft.
  • [COMMAND_EXECUTION] (LOW): Executes Node.js and Playwright commands to perform web scraping. These operations are restricted to the skill's specific data collection task.
  • [PROMPT_INJECTION] (LOW): The skill is subject to Indirect Prompt Injection (Category 8) risks as it ingests data from external sources at 511on.ca.
  • Ingestion points: Road conditions, Waze incidents, and weather data scraped from the 511ON website via defined API endpoints.
  • Boundary markers: No explicit delimiters are used to separate scraped data from agent instructions in the provided documentation.
  • Capability inventory: The skill can control a browser via Playwright, write files to the local system (./tmp511-route-output), and perform network operations.
  • Sanitization: There is no evidence of sanitization for the scraped content before it is processed by the agent.
  • [COMMAND_EXECUTION] (LOW): Uses playwright-cli run-code to execute JavaScript for browser interaction. The snippets are static templates for navigating the target site and do not incorporate unvalidated user input.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 09:47 AM