og-image-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute local Python scripts to analyze the project codebase and generate images.
  * Evidence: README.md references `python scripts/analyze_codebase.py` and `python scripts/generate_og_images.py`.
  * Risk: The script content is not provided, meaning any file read/write or network operations are unvetted.
- EXTERNAL_DOWNLOADS (LOW): Installation of the Playwright framework and Chromium browser is required.
  * Evidence: `pip install playwright`, `playwright install chromium`, and `npm install playwright sharp`.
  * Trust: Microsoft/Playwright is a trusted source per [TRUST-SCOPE-RULE].
- NO_CODE (INFO): The functional scripts referenced in the documentation are missing from the skill package.
  * Evidence: Files `scripts/analyze_codebase.py` and `scripts/generate_og_images.py` are listed in the structure but not provided.
- PROMPT_INJECTION (LOW): The skill ingests untrusted data from the local codebase to influence agent reasoning.
  * Evidence Chain:
    1. Ingestion: Project codebase files (SKILL.md).
    2. Boundary markers: Absent.
    3. Capability: Python script execution and Playwright browser rendering.
    4. Sanitization: Not documented.
  * Surface: Malicious content in page metadata or design files could influence the design strategy phase via indirect prompt injection.
Audit Metadata