carousel-design
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage dependencies and run generated scripts, specifically npm install puppeteer and node [build-script].js.
- [REMOTE_CODE_EXECUTION]: The skill employs dynamic code execution by generating a Node.js script at runtime. This script incorporates slide data from an external JSON source and executes the resulting code to perform rendering tasks.
- [EXTERNAL_DOWNLOADS]: The skill triggers the download and installation of the puppeteer package from the official NPM registry if it is not detected in the local environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and renders HTML strings from an external JSON input (e.g., from /carousel-copy) into a Puppeteer-controlled browser context.
  - Ingestion points: Data is read from ~/.claude/skills/carousel/config.json and external JSON slide data.
  - Boundary markers: None identified; placeholders are replaced via simple string substitution.
  - Capability inventory: Subprocess execution (npm, node), file system access (read/write), and network access (via Puppeteer).
  - Sanitization: No explicit sanitization or escaping of the HTML strings provided in the input data was observed.
Audit Metadata