Skills
skills/hanfangyuan4396/text-card-skills/html-to-image-render/Gen Agent Trust Hub

html-to-image-render

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and documentation guide the agent to execute a TypeScript script using the npx -y tsx command, which allows for direct execution of code in the local environment.
  • [DATA_EXFILTRATION]: The script scripts/render-html-to-image.ts implements a data transfer chain where it reads the content of a local file provided via the --input flag and transmits it to https://html2image.hanfangyuan.cn/api/html2image. This results in local data being sent to an external service controlled by the skill author.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted HTML data which serves as an ingestion point for potentially malicious instructions.
  • Ingestion points: The script reads local files specified by the user in scripts/render-html-to-image.ts.
  • Boundary markers: Absent; the HTML content is processed as a raw string without delimitation.
  • Capability inventory: The skill can perform network requests (fetch) and write files to the local disk (writeFile).
  • Sanitization: Absent; the input HTML is not sanitized or validated before being sent to the remote API.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 31, 2026, 12:49 PM