slides
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's HTML templates reference external libraries from well-known and trusted providers, including Tailwind CSS (cdn.tailwindcss.com), Google Fonts (fonts.googleapis.com), and Lucide Icons (unpkg.com). These are used for document styling and iconography.
- [COMMAND_EXECUTION]: The html_to_pdf.py script executes 'playwright install chromium' using subprocess.run. This is a legitimate operation required to install the headless browser needed for PDF generation.
- [REMOTE_CODE_EXECUTION]: The skill uses Playwright to render HTML, which can include JavaScript from remote CDNs. This is the intended functionality for creating visual documents and utilizes trusted sources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it renders HTML content that could contain embedded instructions if the source is untrusted.
- Ingestion points: The conversion script accepts an HTML file path as input.
- Boundary markers: Not present; the content is rendered as a full document.
- Capability inventory: The skill can execute shell commands for setup and perform network requests for assets via the browser.
- Sanitization: No sanitization or filtering is performed on the input HTML before it is passed to the browser engine.
Audit Metadata