Skills
skills/vm0-ai/vm0-skills/htmlcsstoimage/Gen Agent Trust Hub

htmlcsstoimage

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses curl to send POST requests to the HTMLCSStoImage API (https://hcti.io/v1/image). This is the intended use of the skill to render images from HTML or URLs.\n- [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill is designed to ingest and process untrusted user data (HTML, CSS, and URLs) which is then sent to an external rendering service.\n
  • Ingestion points: User-provided HTML, CSS, and URL content (SKILL.md)\n
  • Boundary markers: Absent\n
  • Capability inventory: Shell execution using curl to an external API (SKILL.md)\n
  • Sanitization: Absent
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 08:04 AM