tarsier
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python utility (
scripts/rasterize.py) to handle SVG-to-PNG conversion. - The execution uses the
subprocess.runmethod with a list-based argument structure, which is a secure implementation that prevents shell injection. - The script processes an SVG authored by the agent itself based on a static, internal prompt, minimizing the risk of processing malicious external data.
- [EXTERNAL_DOWNLOADS]: The documentation specifies that the skill depends on the 'librsvg' system package.
- Installation instructions point to official package managers ('brew' and 'apt'), which are recognized well-known services for system utilities and are considered safe sources.
Audit Metadata