Skills
skills/spencerpauly/awesome-cursor-skills/exporting-to-png/Gen Agent Trust Hub

exporting-to-png

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands using npx, node -e, docker, and various CLI utilities like silicon, inkscape, and convert to perform file conversions.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx and docker to fetch official packages and container images from well-known registries like NPM and Docker Hub.
  • [PROMPT_INJECTION]: The skill renders untrusted HTML, SVG, and Mermaid content, creating a surface for indirect prompt injection. 1. Ingestion points: Content is passed to rendering engines in SKILL.md. 2. Boundary markers: No delimiters are specified to isolate user content. 3. Capability inventory: The skill has access to subprocess execution and potentially the local filesystem via browser engines in SKILL.md. 4. Sanitization: No sanitization or escaping of user input is performed before rendering.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 09:44 PM