skills/heroygt/skills/svg-icon-maker/Gen Agent Trust Hub

svg-icon-maker

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script executes local file system operations to process images. It takes user-provided file paths as arguments via process.argv.
  • [EXTERNAL_DOWNLOADS] (LOW): Requires npm packages @neplex/vectorizer and sharp. These are established libraries for image processing.
  • [PROMPT_INJECTION] (LOW): Potential indirect injection surface through unvalidated path arguments.
      1. Ingestion points: inputFile and outputDir in convert-template.js.
      2. Boundary markers: Absent.
      3. Capability inventory: fs.mkdirSync, fs.copyFileSync, fs.writeFile, and sharp.toFile.
      4. Sanitization: Absent for directory paths, allowing potential path traversal within local permissions.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 12:31 AM