favicon
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (
magick,rsvg-convert) to transform images. These commands are executed on user-provided file paths, which are wrapped in quotes within the skill's instructions to mitigate basic command injection risks. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads application metadata from local project files (e.g.,
package.json,site.webmanifest) and interpolates this data into HTML and JSON templates. - Ingestion points: Project configuration files (
package.json,site.webmanifest) and the source image path argument ($1). - Boundary markers: No explicit delimiters or boundary markers are used to isolate the interpolated application name.
- Capability inventory: The skill is capable of executing image processing commands and performing file system writes to project source files (HTML, TSX, JSON).
- Sanitization: There is no evidence of sanitization or validation of the data extracted from project files before it is injected into the target layout files.
Audit Metadata