html-to-pdf
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external content, presenting an indirect prompt injection surface.\n
- Ingestion points: External HTML content is loaded via
page.goto(url)inscripts/export_to_pdf.py.\n - Boundary markers: No delimiters or instructions are used to prevent the agent from following instructions embedded in the HTML.\n
- Capability inventory: The skill can launch a browser, create directories (
os.makedirs), and write PDF files (page.pdf).\n - Sanitization: No sanitization or filtering is performed on the content of the URL or file being rendered.\n- [DATA_EXFILTRATION]: The script can read local files to perform conversions, which could be exploited if an attacker influences the input path.\n
- Evidence:
scripts/export_to_pdf.pyresolves local file paths and loads them using thefile://protocol for browser rendering.\n- [EXTERNAL_DOWNLOADS]: The skill involves downloading dependencies and browser binaries from well-known sources.\n - Evidence: The installation instructions in
SKILL.mdrequire theplaywrightpackage and the Chromium browser binary.\n- [COMMAND_EXECUTION]: The skill performs filesystem operations and launches sub-processes.\n - Evidence: The Python script uses
os.makedirsfor directory creation andplaywrightto launch and manage a Chromium browser instance.
Audit Metadata