app-icon

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns detected. The skill focuses on image generation and asset packaging.
  • [COMMAND_EXECUTION]: No suspicious shell commands or privilege escalation attempts were found.
  • [DATA_EXFILTRATION]: No network requests or sensitive file access patterns are present.
  • [REMOTE_CODE_EXECUTION]: Mentions of scripts like pipeline/export.ts refer to local project files for image processing using the standard sharp library.
  • [PROMPT_INJECTION]: The skill ingests user-provided subjects and colors into a prompt scaffold in SKILL.md. Evidence chain: 1. Ingestion points: User-provided SUBJECT and color palette in the prompt scaffold (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Local file-write operations in pipeline/export.ts. 4. Sanitization: Absent. The functionality is consistent with the skill's primary purpose and does not present an exploitable risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:47 PM
Security Audit — agent-trust-hub — app-icon