Skills
skills/joaquimscosta/arkhe-claude-plugins/icon-forge/Gen Agent Trust Hub

icon-forge

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or data exfiltration vectors were identified in the skill instructions or the associated Python script.
  • [COMMAND_EXECUTION]: The skill provides a Python script (generate_assets.py) that uses subprocess.run() to call system utilities such as rsvg-convert or ImageMagick. These calls are implemented using list-based arguments without a shell, which effectively prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The asset generation script utilizes the Pillow library, a standard and trusted package for image manipulation in Python. It does not perform any unverified remote downloads or network-based script executions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 10:55 AM