Brand Studio

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The references/logo-creator.md file instructs the agent to execute Python code using cairosvg or Pillow to convert SVG logos into PNG files, which is a standard functional requirement for the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-uploaded documents to apply branding styles.
      1. Ingestion points: Files are read from /mnt/user-data/uploads/ as specified in doc-branding.md and ppt-branding.md.
      2. Boundary markers: No delimiters or instructions to disregard embedded commands in user data are present.
      3. Capability inventory: The skill has the ability to read and write files and execute Python code.
      4. Sanitization: No sanitization or validation of the input file content is mentioned.
  • [EXTERNAL_DOWNLOADS]: The skill references Google Fonts (fonts.googleapis.com) to load brand-specific typography in generated HTML social media and web templates.
  • [NO_CODE]: The SKILL.md file claims to use a Brand Guard hook at hooks/brand_guard.py for auto-enforcement, but this file is missing from the skill package.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 04:08 AM