insight-pdf
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the Chromium browser binary via Playwright during the installation phase. It also retrieves external JavaScript libraries (Chart.js and ECharts) and web fonts from well-known CDNs (jsDelivr and Google Fonts) at runtime when generating the PDF. These sources are considered trusted or well-known technology services.
- [COMMAND_EXECUTION]: The skill execution involves running shell commands for dependency setup (
npm install) and browser binary installation (npx playwright install chromium). The core functionality relies on executing a Node.js script (scripts/convert.js) which manages the headless browser lifecycle. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data processing workflow.
- Ingestion points: User-provided text or Markdown is interpolated into the
{{REPORT_BODY}}placeholder intemplates/insight-report.htmlwithout prior validation. - Boundary markers: The template lacks delimiters or instructions to the rendering engine to treat the interpolated content as untrusted data.
- Capability inventory: The
scripts/convert.jsscript uses Playwright to render the HTML. This environment has the capability to access the local file system using thefile://protocol and can initiate outbound network requests. - Sanitization: There is no evidence of HTML sanitization or the implementation of a Content Security Policy (CSP) to restrict the browser's actions, which could allow an attacker to embed malicious tags to extract sensitive local files or perform internal network scanning.
Audit Metadata