create-html-carousel
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches typography and styling assets from well-known services including Google Fonts and Fontshare.
- [EXTERNAL_DOWNLOADS]: During setup, the skill downloads the Chromium browser binary via the official Playwright installation command (
npx playwright install chromium). - [COMMAND_EXECUTION]: The skill executes a provided Node.js script (
screenshot-slides.js) to manage the automated screenshot process for generated slides within the local workspace. - [DATA_EXFILTRATION]: No signs of data exfiltration were detected. All generated content is stored locally, and network usage is restricted to fetching assets from trusted providers.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user input for slide content and branding. While it lacks explicit sanitization instructions for this input, the risk is minimal as the content is rendered in a local headless browser session specifically for static image generation.
Audit Metadata