markdown-to-image

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the inkframe CLI through npx, involving subprocess execution in the agent's environment. The documentation also suggests the use of shell job control (background processes via & and wait) for parallel rendering tasks.
  • [EXTERNAL_DOWNLOADS]: Running npx inkframe triggers a download of the package from the public NPM registry if it is not already present in the environment.
  • [DATA_EXFILTRATION]: The CLI tool supports an @ prefix convention (e.g., --content @file.md) that allows it to read local files from the agent's filesystem and transmit their contents to the inkframe.dev API for rendering. This capability creates a surface for potential data exposure if the agent is directed to read sensitive files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 03:39 AM