blog-figure

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts and browser automation tools (Playwright and Chrome) to render and capture figures, which is aligned with its intended purpose.
  • [EXTERNAL_DOWNLOADS]: The generated HTML figures fetch the D3.js visualization library from its official CDN and font assets from Google Fonts.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it extracts content from untrusted blog files and user descriptions and uses it to populate HTML templates. Maliciously crafted input could attempt to execute scripts in the local browser context during rendering.
  • Ingestion points: MDX/MD blog files and user-provided keywords or descriptions.
  • Boundary markers: The workflow includes a 'Content Brief' confirmation step in which the agent presents its interpretation to the user for validation before figure generation.
  • Capability inventory: File writing to the local filesystem and shell command execution for browser automation and rendering.
  • Sanitization: The workflow does not specify any sanitization or HTML escaping of user-provided or extracted blog content before it is interpolated into the HTML templates, so a script tag or event-handler attribute in that content would be rendered as live markup by the headless browser.
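To make the sanitization finding concrete, here is an added example (not code from the blog-figure skill or from Gen Agent Trust Hub): a naive figure template that interpolates untrusted fields verbatim, a hardened version that escapes every field and ships a Content-Security-Policy, and the regression check a practitioner would run before handing the document to Playwright or Chrome. The template shape, the field names (title, description, keywords), the CSP hosts and the malicious input are all assumptions for illustration; the real template also loads D3 from its CDN, which is omitted here so the example runs offline.

```javascript
// Added example, not code from the blog-figure skill: a naive HTML figure
// template next to a hardened one, plus the check a practitioner would run
// before rendering. Template shape, field names and CSP hosts are assumptions.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that can open a tag or terminate a quoted attribute;
// the result is safe both in text nodes and inside quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// The pattern the audit flags: extracted blog text and user descriptions are
// dropped into the template verbatim, so markup in them becomes live markup.
function renderUnsafe(brief) {
  return `<!doctype html>
<html><head><title>${brief.title}</title></head>
<body>
<h1>${brief.title}</h1>
<p class="caption">${brief.description}</p>
<svg id="figure" aria-label="${brief.keywords.join(', ')}"></svg>
</body></html>`;
}

// Defence in depth for the rendering browser: no inline script, script only
// from the D3 host, styles and fonts only from Google Fonts. Hosts are assumed;
// adjust them to whatever the real template actually loads.
const CSP = [
  "default-src 'none'",
  'script-src https://d3js.org',
  "style-src 'unsafe-inline' https://fonts.googleapis.com",
  'font-src https://fonts.gstatic.com',
  'img-src data:',
].join('; ');

// Hardened template: every untrusted field is escaped at the point of
// interpolation, and the CSP means a missed spot still cannot run inline script.
function renderSafe(brief) {
  const title = escapeHtml(brief.title);
  const description = escapeHtml(brief.description);
  const keywords = escapeHtml(brief.keywords.join(', '));
  return `<!doctype html>
<html><head>
<meta http-equiv="Content-Security-Policy" content="${CSP}">
<title>${title}</title>
</head>
<body>
<h1>${title}</h1>
<p class="caption">${description}</p>
<svg id="figure" aria-label="${keywords}"></svg>
</body></html>`;
}

// Regression check: untrusted fields must not add a single markup-significant
// character to the document. Render once with an empty brief to learn the
// template's own count, then compare with the render that carries real input.
const EMPTY_BRIEF = { title: '', description: '', keywords: [] };

function markupCharCount(html) {
  return (html.match(/[<>"']/g) || []).length;
}

function untrustedInputAddsMarkup(render, brief) {
  return markupCharCount(render(brief)) !== markupCharCount(render(EMPTY_BRIEF));
}

// Constructed input standing in for a poisoned MDX file (description) and a
// hostile keyword that tries to break out of the aria-label attribute.
const MALICIOUS_BRIEF = {
  title: 'Quarterly numbers',
  description: '<script>document.title = "pwned"</script>',
  keywords: ['revenue', '" onload="alert(1)'],
};
```

The count-based check is deliberately blunt: it does not try to parse HTML, it only asserts that the template's structure is invariant under whatever the blog file or the user supplies, which is exactly the property escaping is supposed to guarantee. Run it against both renderers with MALICIOUS_BRIEF and only the unsafe one changes the count; the CSP is the second layer in case a future template edit forgets the escape call.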
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 03:06 AM