favicon-gen
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill identifies user-provided logos, SVGs, and brand descriptions as primary inputs in Step 1.
- Ingestion points: Logo file (SVG/PNG) and brand-specific text inputs provided by the user.
- Boundary markers: None specified in the workflow to differentiate between the data (the image) and potential instructions embedded within the file formats.
- Capability inventory: The skill produces SVG source code, HTML meta tags, and web manifests, and performs file write operations to
/claudedocs/(Step 7). - Sanitization: No explicit sanitization of SVG XML content or image metadata is mentioned.
- Risk: An attacker could provide a malicious SVG file containing instructions within XML comments (e.g., "") which the agent might follow if it processes the file content directly.
Audit Metadata