msw-painter

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow requires several local shell commands, including the installation of the Puppeteer dependency and the execution of the rendering utility node scripts/render.cjs.
  • [REMOTE_CODE_EXECUTION]: The rendering script scripts/render.cjs executes agent-generated code inside a Puppeteer instance. When using the Canvas medium, code is directly interpolated into a template's script block and executed. The browser is launched with the --no-sandbox and --disable-setuid-sandbox flags, which reduces security isolation between the rendered content and the host environment.
  • [DATA_EXFILTRATION]: The skill instructs the agent to upload the generated PNG file to an external URL (presigned URL) using curl -T or Invoke-WebRequest -InFile. This presents a data exfiltration surface where the agent could be manipulated via prompt injection to transmit sensitive local files (such as credentials or configuration files) instead of the intended image.
  • [REMOTE_CODE_EXECUTION]: The skill requires a large dependency download (Puppeteer) at runtime via npm install. While Puppeteer is a well-known package, its automated installation and subsequent use to execute dynamic content increases the overall risk profile.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 03:10 AM
Security Audit — agent-trust-hub — msw-painter