social-preview

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including gh api, gh repo view, and git remote to interact with GitHub repositories. It also provides a node -e command to execute a local script for image rendering.
  • [EXTERNAL_DOWNLOADS]: The instructions reference well-known external dependencies and services, specifically the puppeteer Node.js library and npx @vercel/og for image generation.
  • [DYNAMIC_EXECUTION]: The skill generates a specific Node.js script at runtime to handle the conversion of HTML templates into PNG images via a headless browser. This execution is confined to the local environment and the specific task of rendering.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests data from local repository files to populate templates.
      • Ingestion points: Project name and description are parsed from package.json, Cargo.toml, and pyproject.toml in Step 1 of the generation procedure.
      • Boundary markers: The skill does not explicitly define boundary markers or 'ignore' instructions for the data interpolated into the HTML template.
      • Capability inventory: The agent possesses the capability to execute shell commands (node -e, gh api) and perform file system operations.
      • Sanitization: There is no explicit mention of sanitizing or escaping the metadata retrieved from manifest files before it is rendered into the HTML output.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 8, 2026, 06:55 PM