geometric-elements

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the pixie-python library from PyPI. This is a standard drawing library and is considered a trustworthy source.
  • [COMMAND_EXECUTION] (LOW): The skill executes a local Python script generate.py. While the source code for this script is not provided, the usage patterns described in the documentation are consistent with the skill's primary purpose of image generation.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection.
    • Ingestion points: Reference images analyzed by the agent and the output of external brand guideline skills (e.g., /thepexcel-brand-guidelines).
    • Boundary markers: Absent; there are no instructions to ignore embedded commands in images or external skill data.
    • Capability inventory: The agent is instructed to write and execute arbitrary Python code using the Pixie API, which provides a high-capability surface for potential exploitation.
    • Sanitization: Not present; the skill assumes trust in the content of reference images and external skills.
  • [DYNAMIC_EXECUTION] (LOW): The skill explicitly instructs the agent to generate and execute Python code at runtime using the Pixie library to create custom geometric elements. This is the intended primary purpose of the skill, and the risk is mitigated by the local scope of the drawing library.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:15 PM