xhs-cover
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the $ARGUMENTS input.
  - Ingestion points: The $ARGUMENTS variable in SKILL.md is used to extract title text and style preferences.
  - Boundary markers: Absent; there are no instructions to the agent to use delimiters or specific ignore-instructions logic for the processed input.
  - Capability inventory: The skill utilizes the Write tool to create local HTML files and the Bash tool to execute Python commands via Playwright.
  - Sanitization: Absent; there are no requirements for the agent to escape or validate user-provided strings before inserting them into HTML templates or Python scripts.
- [COMMAND_EXECUTION]: The skill instructs the agent to dynamically generate and execute a Python script to perform rendering and screenshots.
  - Evidence: Step 4 in SKILL.md provides a Python code block that the agent is expected to populate with dynamic values and execute using the Bash tool.
Audit Metadata