Brand
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill directs the agent to execute local shell commands such as 'mkdir', 'cp', and 'zip' in 'Workflows/07-Packaging.md' to organize brand assets in the user's Downloads directory. It also uses 'rsvg-convert' and 'qlmanage' in 'Workflows/03-MarkDevelopment.md' for visual verification and asset conversion.
- [EXTERNAL_DOWNLOADS] (LOW): The 'TOOLS-REQUIRED.md' documentation encourages the installation of third-party tools like 'vtracer', 'potrace', and 'librsvg' via system package managers (Homebrew, APT) and 'svgo' via NPM to support vector tracing and SVG optimization.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8). Ingestion points: 'Workflows/01-Discovery.md' instructs the agent to research project context by reading 'README.md', 'CLAUDE.md', package manifests, and source code. Boundary markers: Absent. Capability inventory: 'Workflows/03-MarkDevelopment.md' and 'Workflows/07-Packaging.md' involve shell command execution and file generation. Sanitization: Absent. Malicious instructions placed in project files could influence the agent's behavior during the brand development process.
Audit Metadata