copy-as-image
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill performs its described function using standard software practices.
- [EXTERNAL_DOWNLOADS]: Installs standard Node.js dependencies (marked, playwright) and fetches theme typography from Google Fonts during the rendering process.
- [COMMAND_EXECUTION]: Executes platform-specific clipboard utilities (osascript on macOS, xclip/xsel on Linux) to facilitate the copying of generated PNG images.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing conversation history.
  - Ingestion points: Ingests assistant responses by writing them to a temporary Markdown file as seen in SKILL.md.
  - Boundary markers: Employs a quoted heredoc delimiter ('CLAUDE_EOF') to prevent unintended shell expansion of the content.
  - Capability inventory: Operations include file writing, Markdown parsing, headless browser rendering, and clipboard interaction.
  - Sanitization: The input is rendered into HTML via the marked library without additional sanitization, though any potentially malicious code would be isolated within the temporary headless browser session used to take the screenshot.
Audit Metadata