htmlcss-to-image

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the NPM registry. This is a vendor-controlled tool used to facilitate integration with the Membrane platform.
  • [COMMAND_EXECUTION]: The instructions guide the agent to perform multiple shell operations using the installed CLI, including membrane login, membrane connect, and membrane action run. This grants the agent the capability to interact with external services via the command line.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection as the skill processes untrusted input (HTML, CSS, and search queries) and interpolates them into CLI commands without explicit boundary markers or sanitization.
      • Ingestion points: User-provided data in SKILL.md via the --intent and --input arguments.
      • Boundary markers: None.
      • Capability inventory: Execution of CLI commands and network access.
      • Sanitization: None.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 03:10 PM