og-image
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
- [External Downloads] (MEDIUM): The skill references an external script from unpkg.com (https://unpkg.com/lucide@latest). This creates a dependency on a third-party CDN that is not in the trusted scope, posing a supply chain risk.
- [Data Exfiltration] (LOW): User-supplied data (e.g., image text) is sent to a third-party API (https://html2png.dev/api/convert) for processing. This could lead to the exposure of information provided to the agent to an external entity.
- [Indirect Prompt Injection] (LOW): The skill handles untrusted data (text for images) without explicit sanitization or boundary markers. While the output is an image, the rendering engine at the remote endpoint could be subject to HTML/JS injection if input is not handled carefully.
Audit Metadata