social-media-carousel
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references external installation documentation hosted on GitHub at 'inference-sh/skills' and suggests adding related skills via the 'npx' command. These resources originate from the vendor's official repositories.- [COMMAND_EXECUTION]: The skill utilizes the 'infsh' CLI for image generation tasks. Command execution is constrained by the platform's 'allowed-tools' configuration, which limits the 'Bash' tool to only execute commands starting with 'infsh'.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-provided content into HTML templates for image generation.
- Ingestion points: Untrusted user input is placed directly into the 'html' field of the 'infsh/html-to-image' tool payload (found in SKILL.md).
- Boundary markers: There are no delimiters or instructions provided to the agent or the rendering tool to ignore potential instructions embedded within the user text.
- Capability inventory: The skill has the capability to run CLI commands via Bash and perform network-based image generation via 'infsh'.
- Sanitization: No evidence of sanitization, escaping, or validation of the input text is present before it is used to build the HTML string.
Audit Metadata