Skills
skills/xiao0916/lm-skills/psd-to-cocos/Gen Agent Trust Hub

psd-to-cocos

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts using the subprocess.run method in scripts/processor.py. This orchestration is used to call the psd-layer-reader and psd-slicer components. The implementation is secure as it uses explicit argument lists and sys.executable, which avoids the security risks associated with shell interpolation.
  • [SAFE]: No evidence of prompt injection or attempts to bypass AI safety guidelines was found in SKILL.md. The instructions are strictly limited to the technical process of design file conversion.
  • [SAFE]: The skill does not perform any network operations or access sensitive system files like credentials or SSH keys. All operations are confined to the user-specified input PSD and the designated output directory.
  • [SAFE]: The code contains no obfuscation, hidden URLs, or dynamic execution of untrusted remote content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 12:49 PM