export-pdf
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute several commands including `node`, `mkdir`, `realpath`, and `which`.
  - The instructions direct the agent to dynamically generate a Node.js script (`scripts/export-pdf.mjs`) and execute it to perform the conversion.
  - There is a potential command injection surface in shell command templates like `mkdir -p $(dirname <output>)`, where unvalidated user input for file paths could be exploited depending on the agent's tool-call implementation.
- [EXTERNAL_DOWNLOADS]: The skill requires the `puppeteer` library, which is downloaded from the npm registry.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external, potentially untrusted HTML content.
  - Ingestion points: The skill reads local HTML files through the `<html-path>` argument.
  - Boundary markers: No boundary markers or instructions to disregard instructions within the ingested HTML are provided.
  - Capability inventory: The skill has access to `Bash` (Node.js execution), `Write`, and `Read` tools, which could be leveraged if malicious instructions in the HTML are followed by the agent.
  - Sanitization: The skill does not include steps to sanitize or validate the HTML content before it is rendered by Puppeteer.
  - Additional Risk: The Puppeteer script launches Chromium with the `--no-sandbox` flag, which reduces the browser's security boundaries when processing potentially malicious HTML.
Audit Metadata