html-to-pdf
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (MEDIUM): The SKILL.md file contains strong instruction overrides ('CRITICAL', 'MANDATORY VERIFICATION', 'NOT optional') that force the agent into a specific verification and regeneration loop, overriding default agent behavior and operational autonomy.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes Puppeteer to render arbitrary HTML and URLs. This capability can be exploited for Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) if the underlying script does not properly sanitize inputs or restrict browser capabilities.
- PROMPT_INJECTION (LOW): Evidence of Indirect Prompt Injection surface (Category 8). Ingestion points: Input HTML and remote URLs. Boundary markers: Absent. Capability inventory: Bash, Read, Write, Glob. Sanitization: Absent. The agent is explicitly instructed to read and verify output derived from untrusted sources, which could contain hidden malicious instructions.
- EXTERNAL_DOWNLOADS (LOW): The setup process requires running 'npm install' which downloads the 'puppeteer' package and a headless Chromium binary from the NPM registry.