frontend-iconify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill uses
curlto fetch icon data and SVGs fromhttps://api.iconify.design. This is the official and well-known API for the Iconify project. - [COMMAND_EXECUTION] (SAFE): Includes standard shell commands for batch downloading assets (
curl -o) and installing dependencies (npm install). These operations are restricted to the local project context and are necessary for the skill's primary function. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from an external API (
api.iconify.design). While this is an external ingestion point, the data returned (SVG paths and icon metadata) poses minimal risk of containing actionable instructions that could subvert the agent's behavior. - [NO_CODE] (SAFE): The skill primarily consists of documentation and example command-line snippets. No custom executable scripts or logic are included in the skill definition.
Audit Metadata