better-icons
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a command-line utility called better-icons that allows users to search, retrieve, and download SVG icons, and also provides a setup command to configure AI agent environments such as Cursor and Claude Code.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches icon data from api.iconify.design, a well-known and reputable service for open-source icon sets.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it combines untrusted input with file-system capabilities.
  - Ingestion points: Tools such as search_icons and recommend_icons take natural-language input (query and use_case) that could contain malicious instructions.
  - Boundary markers: No boundary markers are documented, and there are no instructions to the agent to disregard instructions embedded in retrieved icon metadata or search results.
  - Capability inventory: The sync_icon tool can write to absolute file paths supplied in the icons_file argument, and the CLI search command includes a download flag that writes to the local file system.
  - Sanitization: No explicit sanitization or validation of the input strings, or of the data retrieved from the external API, is mentioned before they are used in file-writing operations.
Audit Metadata