app-icon
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill focuses on image generation and asset packaging.
- [COMMAND_EXECUTION]: No suspicious shell commands or privilege escalation attempts were found.
- [DATA_EXFILTRATION]: No network requests or sensitive file access patterns are present.
- [REMOTE_CODE_EXECUTION]: Mentions of scripts like pipeline/export.ts refer to local project files for image processing using the standard sharp library.
- [PROMPT_INJECTION]: The skill ingests user-provided subjects and colors into a prompt scaffold in SKILL.md. Evidence chain: 1. Ingestion points: User-provided SUBJECT and color palette in the prompt scaffold (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Local file-write operations in pipeline/export.ts. 4. Sanitization: Absent. The functionality is consistent with the skill's primary purpose and does not present an exploitable risk.
Audit Metadata