favicon
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes shell commands using
magick(ImageMagick) andcp. While these are restricted to the primary task of image processing and file placement, they involve subprocess execution with a user-provided path$1as an argument. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) due to its handling of untrusted project data.
- Ingestion points: The skill reads
package.json,site.webmanifest, andconfig/application.rbfrom the local file system to determine the application name. - Boundary markers: The skill does not use delimiters or explicit 'ignore embedded instructions' warnings when interpolating the extracted application name into the manifest or HTML layout files.
- Capability inventory: The skill possesses file-write capabilities across multiple layout types (HTML, ERB, TSX) and subprocess execution via ImageMagick.
- Sanitization: No sanitization or validation logic is defined for the extracted metadata strings before they are injected into project files.
Audit Metadata