visual-note-card

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a bundled Python utility script located at scripts/html2png.py to render generated HTML content into high-quality PNG images using the Playwright library.
  • [EXTERNAL_DOWNLOADS]: The generated HTML template fetches the html2canvas library from Cloudflare's CDN and typography assets from Google Fonts. Both are well-known and trusted external services.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from user-provided articles or topics is interpolated into HTML templates and subsequently rendered by a headless browser.
      • Ingestion points: User-provided topics, article text, or summarized content are ingested and inserted into placeholders within the assets/template.html file.
      • Boundary markers: Absent; user content is injected directly into the template without specific delimiters or instructions to the rendering engine to ignore embedded scripts.
      • Capability inventory: The scripts/html2png.py script executes a headless Chromium instance with --no-sandbox enabled, which reads local files and has the capability to perform network requests.
      • Sanitization: Absent; user-provided text is interpolated into the HTML template without explicit escaping or sanitization, which could allow script execution within the isolated Playwright environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 11:51 PM