skills/vercel/vercel-plugin/satori/Gen Agent Trust Hub

satori

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [Dependency Verification]: The skill provides instructions for installing @vercel/og and satori. These are official packages from the vendor and are considered standard for the intended purpose of image generation.
  • [Input Handling]: Examples show how to incorporate URL search parameters into generated images. This is the intended functionality for creating dynamic social cards. While this creates a surface for indirect prompt injection if the resulting image is later processed by vision models, the input is handled within the restricted Satori rendering environment.
  • [File System Access]: The standalone Satori example uses fs.readFileSync to load font files. This step is required because Satori needs explicit font buffers to render text into SVG format, and the paths used are for non-sensitive assets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 09:21 AM