generate-brand-assets

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch the generate-brand-assets package from the NPM registry. This is a standard method for running Node.js utilities without manual installation.
  • [REMOTE_CODE_EXECUTION]: Execution of the utility via npx involves running code from a remote registry. In this context, the tool is used to process image assets locally.
  • [COMMAND_EXECUTION]: User inputs like project names and taglines are passed as arguments to a shell command. While this creates a potential surface for injection, the skill is designed for developer-led asset generation.
  • Ingestion points: Project name, tagline, and color parameters in SKILL.md.
  • Boundary markers: None present in the command template.
  • Capability inventory: Subprocess execution via npx (documented in SKILL.md).
  • Sanitization: Input sanitization is not explicitly defined in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 02:48 PM
Security Audit — agent-trust-hub — generate-brand-assets