create-html-carousel
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied text to populate HTML templates. This creates a surface where instructions or scripts embedded in the user's content could be rendered by the automated browser during the screenshot process.
- Ingestion points: User-provided carousel topic, brand handle, and slide content.
- Boundary markers: None present in the HTML templates.
- Capability inventory: The `screenshot-slides.js` script launches a headless Chromium browser to render local files.
- Sanitization: No explicit sanitization or escaping of user input is performed before interpolation into HTML.
- [COMMAND_EXECUTION]: The skill uses a Node.js script (`screenshot-slides.js`) to automate a headless browser via Playwright. This script reads locally generated HTML files from the file system and executes them in a browser environment to produce PNG exports.
- [EXTERNAL_DOWNLOADS]: The setup instructions direct the user to install the `playwright` library and its associated Chromium browser binary from official registries and package repositories.