svg-to-react
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes external, potentially attacker-controlled SVG data.
- Ingestion points: Untrusted SVG content is passed via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: Absent. There are no delimiters or explicit instructions to the agent to disregard instructions embedded within the SVG XML (e.g., inside comments or metadata).
- Capability inventory: The skill is explicitly granted the capability to perform file system deletions ("Delete original SVG file").
- Sanitization: Absent. There is no logic to sanitize or validate the SVG input before the agent processes it or executes the deletion rule.
- [Command Execution] (LOW): The skill instructs the agent to perform a destructive file system operation ("Delete original SVG file after successful conversion"). While this is intended for cleanup, an adversary could use indirect prompt injection within the SVG to attempt to manipulate the target path or trigger the deletion of other files.
Audit Metadata