doc-snapshot-agent
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the Playwright MCP server and Chromium browser runtime via npx. It also uses the Python requests library for API calls to OpenRouter. All external resources are retrieved from official and well-known registries.
- [COMMAND_EXECUTION]: Runs a bundled Python script for image generation and executes Playwright MCP tools for browser automation. It also uses browser evaluation to execute JavaScript for page state inspection.
- [PROMPT_INJECTION]: The skill reads Markdown files from the cases directory and extracts image descriptions to use in prompts for image generation and browser navigation instructions.
  - Ingestion points: cases/{article-id}.md (image markers and summary tables).
  - Boundary markers: Absent for extracted image descriptions.
  - Capability inventory: Browser automation (clicking, filling), image generation (OpenRouter API), and local file system writes.
  - Sanitization: Extracted text is used directly without additional sanitization or escaping.