ascii-cli-logo-banner-figletjs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user data (brand, slogan, hint) and outputs it as ASCII art.
- Ingestion points: Command-line arguments (
--brand,--slogan,--hint) inscripts/figlet_banner.mjs. - Boundary markers: None explicitly mentioned in the documentation or logic description to prevent the agent from misinterpreting instructions embedded in the generated ASCII art.
- Capability inventory: Executes a local Node.js script using
node. - Sanitization: No explicit sanitization or escaping of the input strings is described before they are passed to the FIGlet engine.
- External Downloads (SAFE): The skill requires the
figletnpm package. While this is an external dependency, it is a well-known, standard library for this specific purpose. - Command Execution (SAFE): The skill executes a local script (
scripts/figlet_banner.mjs) using the Node.js runtime. This is standard behavior for an agent skill of this type.
Audit Metadata