generate-icon
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system utilities `convert` (ImageMagick) and `iconutil` to create multi-resolution bundles (.ico and .icns) from generated image files.
- [EXTERNAL_DOWNLOADS]: Communicates with the Replicate API (`api.replicate.com`) to perform background removal on icons using the `rembg` model.
- [REMOTE_CODE_EXECUTION]: Dynamically resolves and imports internal utility scripts (`utils.ts`, `resolve-root.ts`) from the plugin's installation path using computed directory paths.
- [DATA_EXFILTRATION]: Accesses the Claude plugin configuration file (`~/.claude/plugins/installed_plugins.json`) to programmatically determine the plugin's root directory for loading shared utilities.
- [PROMPT_INJECTION]: The skill interpolates user descriptions into an icon-generation template.
  - Ingestion points: User-provided `prompt` via CLI arguments in `scripts/generate.ts`.
  - Boundary markers: None; user input is directly inserted into the `ICON_PROMPT_TEMPLATE` via string replacement.
  - Capability inventory: Subprocess execution (`Bun.spawnSync`), network requests (`fetch`), and file system writes (`writeFile`).
  - Sanitization: No sanitization or validation is applied to the input prompt string before it is sent to the AI model.
Audit Metadata