concept-to-image
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where untrusted user input (the 'concept') is used to generate HTML content that is subsequently rendered in a browser.
  - Ingestion points: User concept input processed in `SKILL.md` (Step 1) and transformed into HTML.
  - Boundary markers: `SKILL.md` includes instructions to keep HTML self-contained with no external resources, which serves as a behavioral constraint but not a technical boundary.
  - Capability inventory: `scripts/render_to_image.py` executes a headless Chromium process using Playwright to render and screenshot HTML artifacts.
  - Sanitization: Absent; the Python rendering script does not sanitize or validate the HTML content before execution.
- [COMMAND_EXECUTION]: The skill invokes a local Python script `scripts/render_to_image.py` to handle the rendering process. This script launches a browser process with the `--no-sandbox` flag, which disables significant security isolation features of the Chromium browser.
Audit Metadata