newsletter-designer

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local maintenance and generation scripts using shell commands.
      • Executes python3 scripts/flux_image.py to generate hero images.
      • Executes node scripts/export_pdf.js to render the final PDF.
      • Invokes npm install within the scripts directory to manage dependencies.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external resources during its execution flow.
      • The flux_image.py script downloads generated image files from remote URLs provided by image generation providers.
      • Downloads the puppeteer package and its required browser binaries via NPM.
  • [DATA_EXFILTRATION]: The skill transmits data to external service providers to fulfill its primary purpose.
      • Transmits user-provided prompts and API keys (BFL_API_KEY, OPENROUTER_API_KEY) to Black Forest Labs (api.bfl.ml) and OpenRouter (openrouter.ai) endpoints.
      • Extracts content from user-provided URLs during the brand extraction phase.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Untrusted data enters the agent context via the 'Client website URL' (Phase 1) and raw 'Newsletter content' (Phase 0) provided by users.
      • Boundary markers: No explicit delimiters or instructions are used to isolate the scraped website content or user text from the agent's core instructions.
      • Capability inventory: The skill possesses the ability to execute shell commands (python3, node), perform network requests (urllib), and write files to the local disk (./output/).
      • Sanitization: There is no evidence of sanitization or filtering of the external content before it is interpolated into the HTML template or processed by the AI model. An attacker-controlled website could include instructions that influence the agent's behavior during the design process.
  • [COMMAND_EXECUTION]: The PDF generation script (export_pdf.js) launches a headless browser with the --no-sandbox and --disable-setuid-sandbox flags. This reduces the security isolation of the browser process while it renders HTML that may contain untrusted content derived from scraped websites.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 23, 2026, 07:28 PM