_svg-drawing
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill directs the agent to execute a local utility script at the specific path
~/claude-autonomy-platform/utils/render-svg. While localized, it relies on the presence of non-standard environment utilities. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the processing of external or agent-generated SVG data. 1. Ingestion points: SVG file source code. 2. Boundary markers: Absent. 3. Capability inventory: Local command execution via the render-svg tool. 4. Sanitization: Absent. SVG files can contain embedded XML comments or metadata that could serve as malicious instructions if the agent reads the file content back during the iteration loop.
Audit Metadata