generate-brand-assets
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto fetch thegenerate-brand-assetspackage from the NPM registry. This is a standard method for running Node.js utilities without manual installation. - [REMOTE_CODE_EXECUTION]: Execution of the utility via
npxinvolves running code from a remote registry. In this context, the tool is used to process image assets locally. - [COMMAND_EXECUTION]: User inputs like project names and taglines are passed as arguments to a shell command. While this creates a potential surface for injection, the skill is designed for developer-led asset generation.
- Ingestion points: Project name, tagline, and color parameters in
SKILL.md. - Boundary markers: None present in the command template.
- Capability inventory: Subprocess execution via
npx(documented inSKILL.md). - Sanitization: Input sanitization is not explicitly defined in the provided instructions.
Audit Metadata