select-svg-icon
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill workflow involves analyzing local Revit command scripts to determine functional intent (Workflow Step 1 in SKILL.md). This creates an indirect prompt injection surface where a malicious or specifically crafted script could contain instructions intended to influence the agent's selection process or bypass the review rubric. \n
- Ingestion points: Workflow Step 1 in SKILL.md reads target command scripts into the agent's context. \n
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing the script content. \n
- Capability inventory: scripts/render_svg_icon_png.py executes the rsvg-convert binary via subprocess.run; scripts/acquire_svgrepo_svg.py performs network requests and local file writes. \n
- Sanitization: The skill does not perform sanitization or instruction-filtering on the text extracted from target scripts. \n- [EXTERNAL_DOWNLOADS]: The skill automates the retrieval of icon assets from svgrepo.com and provides instructions for manual retrieval from svgfind.com. \n
- Evidence: scripts/acquire_svgrepo_svg.py downloads content from svgrepo.com. \n- [COMMAND_EXECUTION]: The skill uses the system utility rsvg-convert to transform SVG files into PNG format. \n
- Evidence: scripts/render_svg_icon_png.py invokes the rsvg-convert tool using subprocess.run with parameters for size and file paths.
Audit Metadata