svg-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a custom shell script (scripts/archive.sh) to extract SVG code from processed articles and save them into a structured local archive directory. This allows users to keep a history of generated designs.
- [COMMAND_EXECUTION]: A Node.js utility (scripts/svg2png.js) is used to render SVG files into high-quality PNG images. It utilizes Puppeteer to launch a headless browser instance for accurate rendering of fonts and emojis.
- [EXTERNAL_DOWNLOADS]: The PNG export functionality requires the installation of the puppeteer Node.js package. This is a standard dependency for headless browser automation and image rendering.
- [PROMPT_INJECTION]: The skill operates by ingesting user-provided Markdown files to plan illustrations. While the skill lacks explicit boundary markers for untrusted input, the risk of indirect prompt injection is mitigated because the agent generates original SVG code based on its internal design principles rather than directly executing instructions embedded within the user's article text.
Audit Metadata