logo-maker

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local Node.js scripts (archive-logo-assets.mjs, render-simple-logo-rgba.mjs) to manage files and open a browser preview. This is intended functionality for the logo design workflow. The scripts use standard Node.js modules and perform path sanitization to prevent directory traversal.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (brand names and requirements) to construct image generation prompts.
    • Ingestion points: User requirements provided in the prompt are parsed and stored in a JSON logo brief in SKILL.md and SKILL.ko.md.
    • Boundary markers: The workflow enforces a mandatory structured JSON review step before the final prompt is sent to the image generation model, as specified in the execution_contract.
    • Capability inventory: The skill has the capability to write to the .hypercore directory, generate images via the image API, and execute local utility scripts as defined in the SKILL.md.
    • Sanitization: Brand text is treated as verbatim data within a structured JSON object. The slugify function in scripts/archive-logo-assets.mjs prevents unsafe characters from being used in directory or file names.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:51 AM