skills/shpigford/skills/feature-image/Gen Agent Trust Hub

feature-image

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the Playwright framework and Chromium browser binaries using 'npx playwright install chromium'. These are legitimate dependencies from a well-known service (Microsoft) required for the skill's rendering and screenshot functionality.
  • [COMMAND_EXECUTION]: Executes several local commands including 'git log', 'git diff', and 'git branch' to gather context about recent code changes. It also uses 'node' to run image capture scripts and 'rm' for cleaning up temporary files.
  • [REMOTE_CODE_EXECUTION]: Dynamically generates a Node.js script at '/tmp/feature-image-capture.mjs' and executes it to control the browser via Playwright. This script is created at runtime based on the project's specific branding and dimensions.
  • [PROMPT_INJECTION]: The skill reads and processes untrusted data such as git commit messages, branch names, and UI component code to automatically suggest headlines and tags. This creates a potential vector for indirect prompt injection, where malicious text within a commit could be used to manipulate the agent's logic or the content of the generated image.
      • Ingestion points: git log, git diff, tailwind.config.js, and various source code files (Phase 2, Phase 6).
      • Boundary markers: None identified in the prompt templates used to synthesize text.
      • Capability inventory: Subprocess calls (npx, git, node), file writing (/tmp), and network operations (Playwright browser downloads).
      • Sanitization: No evidence of sanitization or escaping of the ingested codebase data before interpolation into the generation logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 11:04 PM