svg-draw
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (LOW): The skill utilizes a bash script
scripts/svg_to_png.shto execute the system utilityrsvg-convert. While the script uses double quotes for variables, it does not perform type or value validation on theWIDTH,HEIGHT, or path arguments. This could allow an attacker to inject additional command-line flags if the agent is tricked into passing malicious strings. - Indirect Prompt Injection (LOW): The skill processes SVG files and command arguments which constitute an attack surface for indirect injection if the source data is untrusted.
- Ingestion points: SVG file content and shell script arguments in
scripts/svg_to_png.sh. - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded XML directives in the SVG source.
- Capability inventory: Execution of
rsvg-convertand filesystem write access as defined inscripts/svg_to_png.sh. - Sanitization: Absent; there is no validation of the SVG schema or sanitization of the dimensions before they are passed to the system renderer.
Audit Metadata