phoenix-frontend
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes `uvx` to install the `svgpathtools` library from PyPI, which is a standard dependency required for the SVG scaling script.
- [COMMAND_EXECUTION]: The agent executes a local Python utility (`scale-svg.py`) and `uvx` commands to automate the resizing and conversion of SVG assets into React components.
- [SAFE]: The skill manages a workflow for processing user-supplied SVG markup, which is an indirect prompt injection surface. However, the provided script mitigates common security risks by filtering potentially dangerous tags.
  - Ingestion points: User-provided raw SVG markup or file paths in the `resize-svg-logo-assets.md` workflow.
  - Boundary markers: Absent for the untrusted SVG input.
  - Capability inventory: Local script execution and modification of source files in the `app/` directory.
  - Sanitization: The `scale-svg.py` script specifically filters out `script` and `style` tags during its execution.
Audit Metadata