brand-system
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill generates a JavaScript configuration file (
identity.js) and a Node.js script to execute its internal rendering engine. This process is used to create visual previews and is confined to the user's working directory. - [EXTERNAL_DOWNLOADS]: The rendering engine downloads typography assets from the Google Fonts CDN (fonts.googleapis.com) to provide the correct font specimens in the generated PDF. This uses a well-known service for its intended purpose.
- [DATA_EXFILTRATION]: No patterns of unauthorized data access or exfiltration were detected. The skill writes artifacts to the local directory and uses temporary system storage for intermediate rendering files.
- [DYNAMIC_EXECUTION]: The skill uses string interpolation to build HTML for PDF rendering, including an optional
logoSVGfield. While this allows for dynamic content generation, it is used for rendering user-defined brand assets in a local context.
Audit Metadata