asset-generation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes python3 commands using a variable ($ENGINE) to determine the script path, which is a form of dynamic execution from a computed path.
- [EXTERNAL_DOWNLOADS]: Interacts with OpenAI and Google Gemini APIs via curl to generate images and icons.
- [PROMPT_INJECTION]: Ingests and processes user-provided logo references and design descriptions.
  - Ingestion points: User requests and visual references.
  - Boundary markers: The Logo Prompt Contract provides specific formatting constraints.
  - Capability inventory: Uses curl and python3 for task execution.
  - Sanitization: Instructions mandate extracting abstract principles rather than literal copying of references.