Document design

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a shell script block intended for PDF generation using the chromium-browser CLI. This involves copying files to a specific directory and executing the browser in headless mode with the --print-to-pdf flag. This is a standard and safe procedure for its stated purpose.
  • [EXTERNAL_DOWNLOADS]: The CSS patterns utilize @import to fetch typography from Google Fonts (fonts.googleapis.com), which is a well-known and trusted service. This is documented neutrally as it does not constitute a security risk.
  • [PROMPT_INJECTION]: The skill defines a workflow where user-provided content and local configuration data are interpolated into HTML templates, which represents a surface for indirect prompt injection.
      • Ingestion points: Data is sourced from user prompts for document content and the .claude/pdf-playground.local.md configuration file for branding details.
      • Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are provided for the template interpolation process.
      • Capability inventory: The skill performs file system writes (HTML and PDF files) and shell command execution (chromium-browser).
      • Sanitization: There are no explicit instructions for sanitizing or escaping content before it is rendered in the HTML document.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:04 PM