article-to-html
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell and Node.js scripts (scripts/post-process.sh and scripts/fix-html.js) to post-process generated HTML files. These scripts modify CSS properties to ensure visual consistency and do not perform unauthorized system operations.
- [EXTERNAL_DOWNLOADS]: The HTML templates reference external assets from well-known and trusted services, specifically Google Fonts (fonts.googleapis.com). These references are documented and used for standard web styling purposes.
- [DYNAMIC_EXECUTION]: The post-process.sh script employs a short Python command to inject CSS overrides into the generated HTML. This execution is limited to string manipulation of the target document within the local workspace.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-provided content (articles/notes) to generate infographics. While this creates a potential surface for indirect prompt injection, the risk is minimized as the output is restricted to static HTML/CSS and image generation, with no sensitive data access involved.
Audit Metadata