The Agent Skills Directory

[SAFE]: The skill is a benign graphics automation utility. It contains no obfuscated code, credentials, or network-based exfiltration logic. Its operations are limited to local template processing and internal tool calls.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by design. It allows user-provided text to be inserted into HTML templates without explicit validation or sanitization instructions. Evidence: 1. Ingestion points: User-provided values for variables like headline and tagline in reference HTML files. 2. Boundary markers: Absent. 3. Capability inventory: The html-to-image-render tool is used to process generated HTML. 4. Sanitization: No sanitization logic is described.\n- [NO_CODE]: The skill package does not include any executable scripts or binary files, relying entirely on Markdown instructions and HTML markup.

text-card