android-app-icon
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/generate-app-icons.sh` is vulnerable to arbitrary code injection.
  - The script uses an unquoted shell heredoc (`python3 << PYEOF`) to execute Python code at runtime.
  - Shell variables such as `$ICON_NAME` and `$ICON_SCALE` are interpolated directly into the Python source code by the shell before execution.
  - An attacker or a malicious data source could provide an icon ID (e.g., `mdi:'); import os; os.system('touch /tmp/pwned')`) that breaks out of the Python string literal to execute arbitrary commands.
  - The environment variable `ICON_SCALE` is also interpolated without validation, providing another vector for injection.
- [EXTERNAL_DOWNLOADS]: The skill fetches icon metadata and SVG assets from `api.iconify.design`.
  - While Iconify is a well-known and generally trusted service, the lack of sanitization when processing these external identifiers in the generation script creates a significant security risk.
- [PROMPT_INJECTION]: The vulnerability in the asset generation logic creates a high-risk surface for indirect prompt injection.
  - Ingestion points: Malicious icon IDs could be introduced via search results from the Iconify API or from metadata within the user's Android project files (e.g., package names or app names used as search terms).
  - Boundary markers: There are no boundary markers or sanitization routines ensuring that identifiers retrieved from the API are safe for use in shell/Python execution.
  - Capability inventory: The skill has the ability to read project files, write to the file system, and execute shell commands.
  - Sanitization: While the script validates that `WIDTH` and `HEIGHT` are numeric, it fails to sanitize the `ICON_NAME` and `ICON_SCALE` variables before they are used in dynamic code generation.
- [REMOTE_CODE_EXECUTION]: The combination of fetching data from an external API and using it in an unsafe dynamic execution context allows for a chain leading to remote code execution.
- Remediation: Use a quoted heredoc identifier (e.g., `<< 'PYEOF'`) in the shell script to prevent variable interpolation, and pass necessary variables as command-line arguments to the Python process instead.
Recommendations
- AI detected serious security threats