diagram
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill relies on executing shell commands (`sips` or `rsvg-convert`) to render SVG files into PNGs.
  - Evidence: `references/svg-recipes.md` provides command templates like `rsvg-convert -w 1280 -h 720 input.svg -o output.png`.
  - Risk: If the agent dynamically constructs these shell strings using user-provided filenames or labels without strict escaping, it could lead to arbitrary command execution.
- PROMPT_INJECTION (MEDIUM): High vulnerability to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill is triggered by user content ("visualize this") as noted in `README.md`.
  - Boundary markers: Absent. The skill provides no instructions for delimiting untrusted user data or instructing the agent to ignore instructions embedded within the data to be visualized.
  - Capability inventory: The skill possesses the ability to write files to the filesystem and execute shell-based subprocesses (`sips`, `rsvg-convert`).
  - Sanitization: Absent. No logic is provided to sanitize user input before it is interpolated into SVG XML or shell commands.
Audit Metadata