llm-icon-finder
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill instructs the agent to construct URLs and use
curlto download static image assets (SVG, PNG, WEBP) from thelobehub/lobe-iconsGitHub repository. These downloads are limited to non-executable media files from a reputable open-source library. - COMMAND_EXECUTION (SAFE): Bash execution is suggested only for downloading requested icons using
curl. There is no evidence of arbitrary command injection or suspicious subprocess spawning. - PROMPT_INJECTION (SAFE): The instructions are purely functional and do not contain any attempts to override system prompts, bypass safety filters, or extract sensitive instructions.
- DATA_EXFILTRATION (SAFE): No access to sensitive local files or transmission of user data to third-party servers was identified. Network activity is limited to fetching public icon assets.
Audit Metadata