skills/phuetz/code-buddy/inkscape/Gen Agent Trust Hub

inkscape

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted SVG data.
      • Ingestion points: Reads and parses external SVG files via lxml.etree.parse and Inkscape CLI commands in SKILL.md.
      • Boundary markers: Absent; the agent processes file content without delimiters or instructions to ignore embedded instructions within the XML/SVG structure.
      • Capability inventory: Provides extensive capabilities including file system modification (os.makedirs, open, tree.write), file deletion (rm), and command execution via subprocess.run and Bash scripts.
      • Sanitization: Only basic character replacement (spaces and slashes) is performed on object labels before using them as filenames in the batch_export.py script.
  • [COMMAND_EXECUTION]: The skill automates graphics workflows by executing system commands such as inkscape, cwebp, and rm through Python's subprocess module and Bash scripts. The implementation generally uses safe patterns, such as list-based arguments in Python and variable quoting in shell scripts, to mitigate common command injection risks.
  • [EXTERNAL_DOWNLOADS]: The optimize-svgs.sh script utilizes npx svgo in its pipeline. npx is a well-known package runner that may dynamically download the svgo package from the npm registry if it is not already present in the user's environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:13 AM