pm-image2proto

Pass

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill writes generated HTML prototype files and configuration data to the local filesystem. Prototype files are saved to a user-specified directory defined in references/config.json with filenames constructed using user-provided descriptions.
  • [EXTERNAL_DOWNLOADS]: When producing flowcharts, the skill includes logic to fetch the Mermaid.js library from Cloudflare's CDN (cdnjs.cloudflare.com) via an HTML script tag.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from interaction history and visual inputs to influence current prototype generation.
  • Ingestion points: interaction history in 'references/learning_log.jsonl', user-provided screenshots, and design requirement descriptions.
  • Boundary markers: Absent; the skill does not implement delimiters or explicit instructions to treat historical log data or screenshot text as untrusted.
  • Capability inventory: File system write and edit access for creating and modifying HTML prototypes.
  • Sanitization: Absent; the skill does not perform validation, filtering, or sanitization of historical data or extracted visual text before interpolating it into the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 9, 2026, 04:36 PM
Security Audit — agent-trust-hub — pm-image2proto