asset-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Command Execution (SAFE): The skill executes local Python scripts for SVG path manipulation. The provided
merge-paths.pyscript is implemented securely using standard library modules. - Data Exposure & Exfiltration (SAFE): No sensitive file access or network communication patterns were identified.
- Prompt Injection (SAFE): The skill's documentation contains purely technical instructions for asset creation and does not attempt to subvert AI behavioral constraints.
- Indirect Prompt Injection (SAFE): The skill accepts user-provided parameters to define SVG shapes. While this creates an ingestion surface for untrusted data, the processing logic in the provided script is safe, and the surface is necessary for the skill's primary function. * Ingestion points: User-defined equations and JSON parameters in references/path-creation.md * Boundary markers: Absent * Capability inventory: Local script execution via the bash tool * Sanitization: The
merge-paths.pyscript validates input using standard JSON parsing.
Audit Metadata