generate-release-screenshots
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute build commands (dotnet build) and local shell/PowerShell scripts (scripts/*.sh, playwright.ps1) to perform screenshot generation.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of the Chromium browser using the Playwright framework's installation process. This is a trusted source but represents an external network dependency.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes external files that are rendered into visual content.
- Ingestion points: Data is read from Terraform plan files (plan.json) and Markdown files (artifacts/*.md).
- Boundary markers: No explicit markers or instructions are provided to the agent to treat the content of these files as untrusted or to ignore embedded instructions.
- Capability inventory: The skill is capable of executing shell and PowerShell scripts and compiling code on the local system.
- Sanitization: There is no evidence of input validation or content sanitization being applied to the files before they are rendered and captured as screenshots.
Audit Metadata