html-to-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script launches a headless Chromium instance using Puppeteer with the --no-sandbox flag. This is a security-reducing configuration that disables the browser's multi-process sandbox. While common for execution in restricted environments like Docker containers, it reduces the isolation between the browser process and the host system.
- [EXTERNAL_DOWNLOADS]: The skill requires the puppeteer Node.js package, which downloads a Chromium browser binary during installation. This is a documented behavior of the library.
- [EXTERNAL_DOWNLOADS]: The conversion process fetches font configuration from Google Fonts (fonts.googleapis.com) to support multilingual text rendering in the generated PDF.
- [PROMPT_INJECTION]: The skill processes user-supplied HTML files, creating an indirect prompt injection surface. Maliciously crafted HTML could attempt to execute scripts in the browser context or influence the agent's behavior.
- Ingestion points: User-provided HTML files are read by fs.readFileSync in html-to-pdf.js.
- Boundary markers: None present.
- Capability inventory: The skill can read and write to the local file system and perform network operations via the browser.
- Sanitization: No input sanitization is performed on the HTML content before rendering.
Audit Metadata