Skills
skills/ven0m0/claude-config/svg/Gen Agent Trust Hub

svg

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests Bash permissions restricted to svgo and npx prefixes in SKILL.md to facilitate SVG optimization and management.
  • [EXTERNAL_DOWNLOADS]: The documentation in modules/svg-optimization.md suggests installing svgo via npm and the allowed-tools configuration permits the use of npx, which involves downloading and executing external code from the npm registry.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it processes SVG files that can be retrieved via WebFetch. Maliciously crafted SVGs could contain embedded scripts or instructions designed to influence the agent's behavior.
  • Ingestion points: SVG data processed through the svgo tool and Read/WebFetch tools.
  • Boundary markers: None explicitly mentioned in the instructions to the agent for handling untrusted data.
  • Capability inventory: Subprocess execution via svgo and npx, file read/write access for SVG files, and network fetching via WebFetch.
  • Sanitization: The primary purpose of the skill includes using svgo for optimization, which acts as a form of sanitization for SVG content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 01:32 PM