google-fonts
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches font metadata and tags from Google's official GitHub repository (raw.githubusercontent.com/google/fonts). This is a well-known service used for the skill's primary data enrichment purpose.
- [COMMAND_EXECUTION]: Multiple Python scripts are provided for build-time tasks (enriching data, generating CSS, and creating showcase pages). These scripts execute standard file and network operations relative to the project structure.
- [DATA_EXFILTRATION]: The image generation script (scripts/generate-og-images.py) uses an API token from environment variables to authenticate with Replicate. This is a standard and secure practice for managing secrets.
- [PROMPT_INJECTION]: Instructions in SKILL.md are focused on font selection workflows and do not contain patterns typical of behavior overrides or safety bypass attempts.
Audit Metadata