huashu-design-html-native
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process uses npx skills add alchaincyf/huashu-design, which downloads and installs code from an unverified third-party repository.
- [COMMAND_EXECUTION]: The skill invokes multiple local shell and Node.js scripts such as render-video.js, convert-formats.sh, and add-music.sh to perform media encoding, video rendering via Playwright, and PDF/PPTX exports.
- [PROMPT_INJECTION]: The Brand Asset Protocol introduces a surface for indirect prompt injection.
  - Ingestion points: The agent is instructed to search for and download HTML and SVG assets from arbitrary external brand websites (e.g., brand.com/press) in SKILL.md.
  - Boundary markers: Absent; there are no instructions or delimiters to isolate the agent from malicious instructions potentially embedded in the downloaded third-party HTML/SVG source.
  - Capability inventory: The skill can execute shell scripts, run Node.js code, and automate browser actions via Playwright (SKILL.md).
  - Sanitization: Absent; while the agent is told to grep for hex codes, it still processes the full content of untrusted external files without sanitization.
Audit Metadata