og-image
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's logic is focused on legitimate project analysis and social media optimization. It requests user input for specific production details like domains and handles if they are not detected.
- [COMMAND_EXECUTION]: Utilizes browser-initiated tools (browser_navigate, browser_resize, browser_take_screenshot) to capture the generated OG image from a local development route, which is consistent with the stated purpose.
- [EXTERNAL_DOWNLOADS]: The provided templates reference web fonts from Google Fonts. This is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill processes project-specific data (e.g., package.json, CSS tokens), which constitutes an indirect prompt injection surface. The capabilities are limited to local automation and do not involve network exfiltration or high-privilege access. Evidence:
  1. Ingestion points: Reads framework configuration, design tokens, and branding assets from the local codebase (SKILL.md Phase 1).
  2. Boundary markers: Absent.
  3. Capability inventory: Browser navigation, screenshot capture, and local source code modification (SKILL.md Phase 3 and 4).
  4. Sanitization: Not explicitly implemented.
Audit Metadata