svg-logo-maker
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and loads the
svg.jslibrary fromcdn.jsdelivr.net. This is a well-known service for delivering open-source packages and is considered a safe source for development tools. - [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the skill collects brand information from users and embeds it into a generated HTML workspace file. This file is subsequently executed using the agent's browser tools.
- Ingestion points: User-provided brand name, mission, and adjectives gathered in Phase 1.
- Boundary markers: No specific delimiters or warnings are instructed to be used when inserting these values into the HTML scaffold.
- Capability inventory: The skill utilizes
browser_navigate,browser_snapshot, andbrowser_get_input_valueto render and interact with the logo code. - Sanitization: The skill does not explicitly describe sanitization steps for user-supplied strings before they are written into the
_logo-workspace.htmlfile.
Audit Metadata