favicon
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill performs standard image processing and file management tasks using common tools like ImageMagick.
- [COMMAND_EXECUTION]: The skill uses shell commands (`magick`, `cp`, `mkdir`) which are correctly scoped to the project environment and are used to fulfill the primary purpose of the skill. Shell variables are handled with proper quoting.
- [DATA_EXPOSURE]: The skill reads local project metadata files such as `package.json` and `site.webmanifest` to extract configuration details like the application name. This is standard behavior for project-integrated tools and does not involve sensitive user credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from local project files to determine its configuration.
  - Ingestion points: Reads `package.json`, `site.webmanifest`, and directory names to determine the application name.
  - Boundary markers: Not explicitly defined, but the extracted data is used only for templating (e.g., in manifest strings or HTML tags).
  - Capability inventory: Includes image processing (`magick`), file copying (`cp`), and file creation/modification (manifests and layout files).
  - Sanitization: Validates the source image file extension before processing.