logo-with-variants
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill processes untrusted SVG files, creating an attack surface for indirect prompt injection. (1) Ingestion points: SVG files located in public/test/ or user-specified paths. (2) Boundary markers: Absent; there are no instructions to ignore or delimit embedded text within SVG tags like , , or XML comments. (3) Capability inventory: Writing files to src/components/ and registry/, modifying the central registry/index.ts file, and executing local shell commands. (4) Sanitization: Absent; while attributes are converted to JSX, the content of text tags is not validated against malicious instructions.
- [COMMAND_EXECUTION] (LOW): The skill requires executing a local shell command to finalize the build process. Evidence: Step 7 explicitly instructs the agent to run 'bun run build:registry' to update public registry files.
Audit Metadata