inkscape
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill's operational model relies on the execution of shell commands using the `cli-anything-inkscape` harness and the Inkscape binary. It specifically utilizes template variables like `{pdfPath}` and `{citationKey}` directly within shell execution patterns. This creates a surface for command injection if these values are derived from untrusted user input or external metadata.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes external vector files without sufficient isolation.
  - Ingestion points: Data enters the agent's context through the `document open` command which reads existing SVG files from the filesystem.
  - Boundary markers: The instructions lack delimiters or explicit warnings to the agent to disregard instructions that might be embedded in the SVG's XML structure or metadata.
  - Capability inventory: The skill possesses significant capabilities including shell command execution, file reading, and file writing (SVG, PNG, PDF).
  - Sanitization: There is no documentation or instruction for sanitizing SVG content (e.g., removing script tags or malicious metadata) before the agent processes the file objects.