msw-painter
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow requires several local shell commands, including the installation of the Puppeteer dependency and the execution of the rendering utility node scripts/render.cjs.
- [REMOTE_CODE_EXECUTION]: The rendering script scripts/render.cjs executes agent-generated code inside a Puppeteer instance. When using the Canvas medium, code is directly interpolated into a template's script block and executed. The browser is launched with the --no-sandbox and --disable-setuid-sandbox flags, which reduces security isolation between the rendered content and the host environment.
- [DATA_EXFILTRATION]: The skill instructs the agent to upload the generated PNG file to an external URL (presigned URL) using curl -T or Invoke-WebRequest -InFile. This presents a data exfiltration surface where the agent could be manipulated via prompt injection to transmit sensitive local files (such as credentials or configuration files) instead of the intended image.
- [REMOTE_CODE_EXECUTION]: The skill requires a large dependency download (Puppeteer) at runtime via npm install. While Puppeteer is a well-known package, its automated installation and subsequent use to execute dynamic content increase the overall risk profile.
Audit Metadata