carousel-designer
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires executing `npm install` and `node scripts/render.mjs`. These commands are used to install dependencies and run the local rendering logic that produces PDF and PNG assets, which is the primary purpose of the skill.
- [EXTERNAL_DOWNLOADS]: The skill fetches the `playwright` package from the npm registry and retrieves web assets from well-known services including Google Fonts and the Tailwind CSS CDN. These are documented as part of the standard build process.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in its processing of `references/REFERENCES.md`. This file is used for design inspiration but lacks security controls to prevent embedded instructions from influencing the agent's output.
  - Ingestion points: The agent reads and extracts patterns from `references/REFERENCES.md` during the initial Design Intelligence phase.
  - Boundary markers: Absent. There are no delimiters or 'ignore' instructions used to isolate external reference content from the agent's main instructions.
  - Capability inventory: The skill can write local files (`src/slides.html`), execute shell commands via Node.js, and perform network requests through a headless browser.
  - Sanitization: Absent. The skill does not validate or sanitize the data extracted from references before using it to generate the carousel HTML.
Audit Metadata