beautiful-diagrams
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The diagram-generator.py script utilizes the subprocess module to execute ffmpeg for creating animated GIFs from rendered frames. This is an intended feature for generating animated content.
- [EXTERNAL_DOWNLOADS]: The skill documentation and script involve installing and using the playwright package and its associated browser binaries.
- [EXTERNAL_DOWNLOADS]: The generated diagrams fetch font assets from Google's official font services (fonts.googleapis.com).
- [PROMPT_INJECTION]: The skill processes untrusted JSON configuration data and interpolates it into HTML templates without escaping or sanitization. Ingestion point: diagram-generator.py via --config or --stdin. Capability inventory: file system writes (screenshots, HTML) and subprocess execution (ffmpeg). Sanitization: absent.
Audit Metadata