app-icon-generator
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled bash script (
scripts/generate-icons.sh) to automate image processing. This script invokes ImageMagick CLI tools (magickorconvert) with proper variable quoting and shell safety flags (set -euo pipefail) to transform user-provided images. - [EXTERNAL_DOWNLOADS]: The skill documentation identifies ImageMagick as a necessary dependency and recommends installation via Homebrew, a well-known and trusted package manager for developer tools. No untrusted remote scripts or binaries are downloaded or executed.
- [DATA_EXPOSURE]: The skill's functionality is limited to reading a user-specified image and writing generated assets to a local output directory. It does not attempt to access sensitive files (such as SSH keys or environment variables) or perform network operations.
- [SAFE]: A thorough review of the instructions and scripts confirmed the absence of prompt injection, obfuscation, or persistence mechanisms. The skill's behavior is consistent with its stated purpose of icon asset generation.
Audit Metadata