icon-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill has a significant attack surface for Indirect Prompt Injection. ● Ingestion points: The skill processes user-supplied SVG and PNG files via 'scripts/generate_icons.py'. ● Boundary markers: No delimiters or instructions are present to prevent the agent from following malicious commands embedded in image metadata or SVG XML. ● Capability inventory: The skill has broad capabilities to write files to the filesystem (icons, manifests, and PWA assets) and execute local scripts. ● Sanitization: No sanitization logic for input files or metadata is mentioned.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on an external script 'scripts/generate_icons.py' and system dependencies like Inkscape and Python rasterizers that are not provided in the skill package, preventing verification of their security.
- [COMMAND_EXECUTION] (MEDIUM): The documentation instructs the agent to run local Python scripts to process binary data, which poses a command injection risk if the script handles filenames or metadata unsafely.
Recommendations
- AI detected serious security threats
Audit Metadata