time-svg-creator

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized network activity detected. The skill is designed to create localized SVG and Markdown files based on specific input data.\n- [PROMPT_INJECTION]: The skill processes untrusted input data (time, timezone, and formatted fields) which is interpolated into SVG and Markdown templates. While this presents a surface for indirect prompt injection, the risk is minimal given the skill's specific purpose and localized file operations.\n- Ingestion points: Input parameters (time, timezone, formatted) defined in SKILL.md.\n- Boundary markers: None present to delimit or isolate untrusted content.\n- Capability inventory: File writing via the Write tool to the agent-teams/output/ directory as specified in SKILL.md.\n- Sanitization: No escaping, validation, or filtering of input strings is performed before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 02:55 AM
Security Audit — agent-trust-hub — time-svg-creator