svg-hand-drawn-preview
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to retrieve SVG content from remote URLs specified by the user. While functional, these requests target non-whitelisted domains.
- [PROMPT_INJECTION]: The skill processes untrusted SVG markup to generate animation logic and files, presenting an indirect prompt injection surface.
  - Ingestion points: SVG source code from local files or remote URLs.
  - Boundary markers: None identified.
  - Capability inventory: Generation of executable HTML and JS files.
  - Sanitization: No explicit security validation is applied to the input SVG content. The generated player code uses innerHTML to render the SVG markup, which could allow for script execution if the source SVG is malicious.
- [SAFE]: The skill's instructions and asset files do not contain obfuscated code, hardcoded credentials, or unauthorized system persistence mechanisms.
Audit Metadata