skills/drmrduck/skills/appicons/Gen Agent Trust Hub

appicons

Warn

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/favicon-gen.sh is vulnerable to command injection. It uses an unquoted heredoc delimiter (cat <<JSON) to construct the API payload. In Bash, unquoted heredocs perform variable expansion and command substitution. Because parameters like --bg, --shape, --variant, and --primary are interpolated directly into this block without sanitization or validation, a crafted argument containing shell patterns (such as $(...) or backticks) will be executed by the shell during the script's runtime.
  • [COMMAND_EXECUTION]: The script utilizes unzip -o -q to extract a zip archive retrieved from a remote API. This pattern is susceptible to 'Zip Slip' (path traversal) attacks if the remote server is compromised or malicious, potentially allowing files to be overwritten outside of the designated output directory.
  • [COMMAND_EXECUTION]: The skill uses curl for network communication and employs python3 -c or jq as dynamic execution fallbacks for parsing JSON data from API responses.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to api.iconify.design to fetch SVG icons and favicontools.com to upload image data and download the resulting icon package.
  • [DATA_EXFILTRATION]: Local files or remote images provided as a source are read and uploaded (base64 encoded) to the external favicontools.com API. The script includes a basic security control that restricts local file access to common image extensions (png, jpg, jpeg, webp, gif, svg).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 28, 2026, 12:53 AM