SVG Logo Designer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns, persistence mechanisms, or privilege escalation attempts were detected. The skill focuses entirely on design requirements gathering and SVG code generation.
- [EXTERNAL_DOWNLOADS]: The skill's documentation mentions CloudConvert (a well-known service) as a resource for users to manually convert SVG files. This reference is informative for the end-user and does not involve automated network requests or code downloads by the agent.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) by using user-provided brand names in file generation.
- Ingestion points: User-provided 'Company/product name' and brand descriptions are collected in Phase 1 and used in subsequent phases.
- Boundary markers: None explicitly defined in the provided instruction templates.
- Capability inventory: The skill uses the 'Write' tool to save SVG files to the local filesystem (Phase 6).
- Sanitization: There is no explicit instruction to sanitize or validate the brand name string before it is interpolated into filenames or SVG text elements. While this presents a theoretical path traversal surface, it is a standard functional requirement for a file-writing skill and is considered low risk given the intended use case.
Audit Metadata