favicon
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash commands (
magick,cp,mkdir) to process images and organize project assets. These operations are restricted to the local environment and aligned with the skill's primary purpose. - [PROMPT_INJECTION]: The skill reads external project data to determine the application name, creating a surface for indirect prompt injection if project files contain malicious content.
- Ingestion points: Reads data from
package.json,site.webmanifest, andconfig/application.rb(SKILL.md). - Boundary markers: Absent. The skill interpolates extracted metadata (like the app name) directly into file update templates without specific delimiters or isolation instructions.
- Capability inventory: Includes image processing via ImageMagick, directory creation, file copying, and modification of project layout files (HTML/TypeScript/Ruby).
- Sanitization: Performs validation on the source image file extension but lacks sanitization or validation for text extracted from project configuration files used in downstream operations.
Audit Metadata