pm-image2proto
Pass
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill writes generated HTML prototype files and configuration data to the local filesystem. Prototype files are saved to a user-specified directory defined in references/config.json with filenames constructed using user-provided descriptions.
- [EXTERNAL_DOWNLOADS]: When producing flowcharts, the skill includes logic to fetch the Mermaid.js library from Cloudflare's CDN (cdnjs.cloudflare.com) via an HTML script tag.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from interaction history and visual inputs to influence current prototype generation.
- Ingestion points: interaction history in 'references/learning_log.jsonl', user-provided screenshots, and design requirement descriptions.
- Boundary markers: Absent; the skill does not implement delimiters or explicit instructions to treat historical log data or screenshot text as untrusted.
- Capability inventory: File system write and edit access for creating and modifying HTML prototypes.
- Sanitization: Absent; the skill does not perform validation, filtering, or sanitization of historical data or extracted visual text before interpolating it into the agent context.
Audit Metadata