threads-carousel
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands to manage its workflow, including creating temporary directories, synchronizing template files, and launching a Next.js development server (`bun dev --port 3333`) to provide a live preview of the generated carousel. These operations are restricted to the local environment and are necessary for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill's template includes a `package.json` file that specifies standard dependencies such as `next`, `react`, `html-to-image`, and `jspdf`. These are fetched from official package registries during the initial setup (`bun install`). These sources are well-known and standard for web development.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) because it processes untrusted user-supplied text to generate slide content.
  - Ingestion points: Untrusted data enters the agent context through user-provided text posts or Markdown files referenced in Step 1 of the workflow.
  - Boundary markers: The instructions do not specify the use of boundary markers or 'ignore' instructions when the agent interpolates user text into the `src/slides.ts` file.
  - Capability inventory: The skill possesses the capability to write files to the local file system and execute shell commands (`cp`, `rsync`, `bun dev`).
  - Sanitization: No specific sanitization or escaping logic is defined for the user input; the skill relies on the agent's internal logic to correctly format the data into a TypeScript array structure.
Audit Metadata