icon-set-generator
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by taking untrusted user input and embedding it into generated assets.
- Ingestion points: The skill ingests user-provided project details, business names, and icon labels as described in the workflow in SKILL.md.
- Boundary markers: There are no explicit instructions or delimiters defined to separate user-provided content from the skill's own logic or to prevent the agent from obeying instructions embedded within user input.
- Capability inventory: The skill possesses the capability to create directories and write files to the local filesystem, including SVG, JSON, and HTML files.
- Sanitization: The instructions lack guidance for the agent to sanitize or escape user-provided strings before they are interpolated into the HTML template provided in references/preview-template.md, which could allow for the execution of malicious scripts if the generated preview is opened in a browser.
Audit Metadata