skills/espennilsen/pi/penpot-workflow/Gen Agent Trust Hub

penpot-workflow

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's 'Visual Review' workflow instructs the agent to perform cleanup using a shell command (rm /tmp/penpot-<page-name>.png). This creates a vulnerability where a maliciously named Penpot page could trigger unintended command execution if the agent does not sanitize the input.
  • Ingestion points: Page names are retrieved from the Penpot platform via the penpot or penpot_page tools (SKILL.md).
  • Boundary markers: The skill provides no delimiters or instructions to treat the <page-name> as literal text, allowing shell metacharacters to be interpreted by the shell.
  • Capability inventory: The skill utilizes bash for file operations and playwright for web navigation, providing a potential path for both execution and network access.
  • Sanitization: No sanitization or validation of the page name is performed before interpolation into the rm command.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 02:13 PM