Skills
skills/alahmadiq8/skills/fabric-icons/Gen Agent Trust Hub

fabric-icons

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references and downloads SVG icons from a GitHub repository (AlahmadiQ8/icons) that is not part of the trusted organizations list. While the files are static images, the source is unverified.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface through its reliance on references/index.json (which is processed by the search script).
  • Ingestion points: The scripts/search_icons.py script reads and parses references/index.json to perform searches.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the search logic.
  • Capability inventory: The search_icons.py script performs fuzzy matching and string normalization but does not execute external commands or evaluate code.
  • Sanitization: The _normalize function in scripts/search_icons.py uses regex (re.sub) to strip non-alphanumeric characters from inputs, providing basic protection against payload execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 06:55 PM