logo-creator
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash to execute local scripts (scripts/compose_logo.py, scripts/remove_bg.py, scripts/create_logo_sheet.py) to manage image processing, HTML generation, and logo layout composition.
- [EXTERNAL_DOWNLOADS]: Fetches typography assets from Google's official font service (fonts.googleapis.com) during the logo composition process.
- [EXTERNAL_DOWNLOADS]: Instructions are provided to install well-known third-party libraries (rembg, playwright, onnxruntime, pillow) from official package registries to support background removal and browser-based rendering.
- [PROMPT_INJECTION]: Ingests untrusted user data (brand names and taglines) which is directly interpolated into HTML templates for rendering, creating a surface for indirect prompt injection.
  - Ingestion points: Brand identity details provided by the user in the initial request phase in SKILL.md.
  - Boundary markers: No markers or delimiters are used; user-supplied text is placed directly into HTML <span> elements.
  - Capability inventory: The skill possesses capabilities for local script execution via Bash, file system writes in the logos/ directory, and headless browser operations via Playwright.
  - Sanitization: No escaping, validation, or sanitization logic is present in scripts/compose_logo.py before the user data is rendered in the browser.
Audit Metadata