html-to-pdf
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted HTML data which can contain embedded instructions targeting the AI agent.
- Ingestion points: The
html_to_long_image.pyscript accepts arbitrary HTML file paths as command-line arguments. - Boundary markers: Absent. The script lacks any delimiters or safety instructions to prevent the agent from interpreting the content of the HTML files.
- Capability inventory: The AI agent utilizing this skill typically possesses file system access and command execution capabilities (evidenced by the skill's own use of
subprocess). - Sanitization: Absent. The HTML is rendered directly via Playwright without any sanitization or filtering of script tags or malicious metadata.
- Unverifiable Dependencies (MEDIUM): The script
html_to_long_image.pyperforms runtime installation of Python packages (playwright,Pillow) usingsubprocess.check_call([sys.executable, '-m', 'pip', 'install', ...]). This bypasses secure dependency management and exposes the system to supply chain attacks or environment poisoning at runtime. - Command Execution (LOW): The skill documentation and scripts rely on several shell commands (
pip,playwright install,chmod +x,open) for installation and operation, increasing the execution footprint. - Missing Components (LOW): The
SKILL.mdfile referenceshtml_to_pdf_final.pyandhtml_to_pdf_converter.py, which are not included in the provided file list. This prevents a complete security audit of the skill's full capabilities and creates potential for the agent to attempt to execute non-existent or unverified code.
Recommendations
- AI detected serious security threats
Audit Metadata