msw-painter

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the puppeteer package from the npm registry via npm install in the scripts/ directory to enable image rendering capabilities.
  • [COMMAND_EXECUTION]: The skill uses node to execute the scripts/render.cjs utility and instructs the agent to use curl or Invoke-WebRequest to upload binary data to a presigned URL.
  • [COMMAND_EXECUTION]: In scripts/render.cjs, the Puppeteer browser instance is launched with the --no-sandbox and --disable-setuid-sandbox flags. These settings disable essential security isolation features of the Chromium browser, potentially allowing code running inside the browser to escape and interact with the underlying host system.
  • [REMOTE_CODE_EXECUTION]: The scripts/render.cjs script performs dynamic execution by interpolating JavaScript code into an HTML template, which is then executed within the Puppeteer browser environment. This allows for the execution of arbitrary code logic generated during the sprite creation process.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it takes user requirements and translates them into executable code for rendering. Maliciously crafted user input could lead to the generation of code designed to exploit the un-sandboxed browser environment.
  • Ingestion points: User requests for custom sprites or icons as described in SKILL.md.
  • Boundary markers: Absent; there are no specific delimiters or instructions provided to the agent to treat user-provided descriptions as untrusted data when generating code.
  • Capability inventory: The skill can execute arbitrary JavaScript in a headless browser via scripts/render.cjs, write files to the disk via page.screenshot, and perform network operations.
  • Sanitization: Absent; the agent is instructed to write and execute code based on user intent without filtering or validation of the resulting script content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 02:30 AM