bm-favicon-creator
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
rsvg-convertandmagick(ImageMagick) to rasterize SVG sources into multiple PNG and ICO formats. These commands are executed via the shell with arguments derived from user input and external data. - [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch SVG files from external domains, including Lucide's official site and other unnamed "official sources" for various icon libraries.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external URLs and interpolates this content into SVG templates before passing it to system-level image processing tools.
- Ingestion points: External SVG assets fetched from the web and user-provided descriptions in SKILL.md.
- Boundary markers: None identified for the interpolation of SVG path data into the XML templates.
- Capability inventory: File system writes to the
public/directory and/tmp/, and subprocess execution of image processing binaries. - Sanitization: The skill lacks explicit validation or sanitization logic for the SVG path data or hex color codes before they are embedded into the generated files.
Audit Metadata