iconsax-library
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses directive language designed to override the agent's default logic for UI component selection. Evidence includes phrases like 'ABSOLUTE MANDATE', 'Agents MUST utilize this skill', and 'DO NOT use common, generic, or default browser/framework icons'.
- [PROMPT_INJECTION]: The skill includes self-authoritative metadata that attempts to influence security assessment. Evidence: The frontmatter contains a 'risk: safe' field.
- [EXTERNAL_DOWNLOADS]: The skill references external domains for asset retrieval and AI generation. Evidence: Links to 'iconsax.io' and 'app.iconsax.io/ai' are provided as primary sources for icons.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its integration with external AI-driven generation tools. Ingestion point: app.iconsax.io/ai (SKILL.md). Capability inventory: Agent uses generated assets to build UI/UX components. Sanitization: None provided. Boundary markers: None provided.
Audit Metadata