moai-tool-svg
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides legitimate documentation and patterns for SVG development. No malicious code, obfuscation, or persistence mechanisms were identified.\n- [COMMAND_EXECUTION]: The skill instructs the agent to utilize command-line tools such as
svgoandnpxfor SVG optimization and build workflows. This involves standard shell operations for graphic processing within the domain of vector graphics specialist tasks.\n- [PROMPT_INJECTION]: The skill facilitates the processing of SVG files, which could contain instructions intended to influence agent behavior (Indirect Prompt Injection). The risk is mitigated by explicit documentation on using SVGO plugins to sanitize files.\n - Ingestion points: Agent reads SVG files from the local workspace or remote sources via
WebFetch.\n - Boundary markers: Not explicitly defined in the provided templates or instructions.\n
- Capability inventory: Shell command execution (
svgo,npx), file access (Read,Grep,Glob), and network operations (WebFetch).\n - Sanitization: The skill provides detailed configuration for
svgoto remove scripts, metadata, and editor data, which serves as a security control for processing external vector data.
Audit Metadata