font-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads font files (such as .woff2, .ttf, .otf) from external websites identified during page analysis. It utilizes
curland Python'surllib.requestto retrieve these resources. - [COMMAND_EXECUTION]: The skill executes shell commands to create directories (
mkdir), download files (curl), and list results (find). It also uses theuvtool to run a bundled Python script for font organization. - [DATA_EXPOSURE]: The skill ingests and parses external website data (HTML, CSS, and JavaScript) to locate font URLs. To mitigate risks associated with untrusted filenames, the provided Python scripts implement directory sanitization logic to prevent path traversal.
Audit Metadata