content-asset-creator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes user-supplied 'Content data' and interpolates it into prompts sent to external APIs (Gamma and v0.dev) or directly into HTML templates. This surface allows untrusted data to influence the generation process.
- Ingestion points: User-provided structured YAML content in the 'Content data' input field.
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the data processed by external APIs.
- Capability inventory: Performs network operations (curl to Gamma/v0 APIs), writes HTML files to the local file system, and executes shell commands (npx playwright).
- Sanitization: There is no evidence of input validation or escaping for the user-supplied content before it is interpolated into templates or API requests.
- [COMMAND_EXECUTION]: The skill uses `npx playwright` to convert generated HTML files into PDF documents. This involves executing external commands that interact with the local file system and potentially a headless browser environment.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to external services and incorporates remote resources at runtime:
- Makes API requests to `api.gamma.app` and `api.v0.dev` for content generation.
- The generated HTML templates include references to external CDNs for Tailwind CSS (`cdn.tailwindcss.com`) and Google Fonts (`fonts.googleapis.com`).
Audit Metadata