text-card-generator
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses a helper script (
scripts/download-fonts.sh) to fetch various font assets from external sources including jsDelivr, Fontshare, and GitHub repositories (e.g., Google Fonts, TrionesType, and subframe7536). - [COMMAND_EXECUTION]: The workflow involves executing local scripts to perform its tasks:
scripts/download-fonts.shdownloads and organizes font files locally.scripts/render-cards.mjsuses Playwright to launch a headless browser and capture screenshots of generated HTML pages.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user data into HTML for rendering.
- Ingestion points: User-provided
content(text, topic, or URL) is collected as the primary input inSKILL.md. - Boundary markers: No specific delimiters or "ignore instructions" warnings are used when interpolating this content into the HTML templates.
- Capability inventory: The skill utilizes
render-cards.mjswhich has the capability to write to the file system (image export) and utilize Playwright for browser-based rendering. - Sanitization: There is no evidence of sanitization or escaping of the user-provided text before it is inserted into the card's HTML structure.
Audit Metadata