product-showcase
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing multiple shell commands to perform its tasks. It uses capture-screenshots (from the local bin/ directory), img-process, and python3. It also uses wrangler via npx for deployment to Cloudflare.
- [REMOTE_CODE_EXECUTION]: The skill uses python3 -c to execute an embedded Python script that uses the Pillow library to combine multiple PNG files into an animated GIF. While the script logic is static within the instructions, the pattern of executing script content via a command-line string is an instance of dynamic execution.
- [CREDENTIALS_UNSAFE]: The instructions for capture-screenshots include a recommendation to use an --auth user:password flag for authenticated applications. Providing credentials in plaintext via command-line arguments is an unsafe practice, as it can lead to exposure in shell history, process monitors, or system logs.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the browser tools (Chrome MCP and Playwright MCP) when visiting user-provided application URLs.
  - Boundary markers: There are no instructions or delimiters specified to help the agent distinguish between its own operational instructions and potentially malicious instructions embedded in the HTML or content of the browsed website.
  - Capability inventory: The agent has significant capabilities, including file system writes and shell command execution (bash, python3, npx).
  - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from external URLs before it is processed.
Audit Metadata