htmlcss-to-image
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from the npm registry. This is the official command-line interface provided by the vendor to interact with their platform services. - [COMMAND_EXECUTION]: Executes shell commands via the
membraneCLI to perform actions such as user authentication, connector searching, and running image generation tasks. These operations are within the scope of the skill's primary purpose. - [CREDENTIALS_UNSAFE]: Implements secure authentication by leveraging the
membrane loginflow. This design pattern ensures that API keys and tokens are managed server-side by the platform rather than being stored as plaintext in the skill configuration. - [PROMPT_INJECTION]: The skill processes external data, such as public URLs and user-provided HTML/CSS, which represents a surface for indirect prompt injection.
- Ingestion points: HTML input in
create-image-from-htmland URL input increate-image-from-url. - Boundary markers: No explicit delimiters are defined in the command templates for external content.
- Capability inventory: Shell command execution via the
membraneCLI. - Sanitization: None observed within the skill instructions; processing relies on the downstream service's rendering environment.
Audit Metadata