sprite-forge
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Several scripts in the skill execute shell commands using
subprocess.runto perform media processing tasks. For instance,scripts/video_to_spritesheet.pyandscripts/generate_walk_video.pyutilize FFmpeg for video manipulation, whilescripts/image_to_ascii.pycalls thejp2autility. These executions are consistent with the skill's documented purpose and do not utilize shell-based execution, which minimizes injection risks. - [EXTERNAL_DOWNLOADS]: The skill relies on well-known and established third-party dependencies and system tools, such as
Pillow,rembg, andImageMagick. Installation instructions provided in the documentation refer users to official package managers likepipandbrew. No unauthorized or suspicious remote code downloads are performed. - [SAFE]: A thorough analysis across the 10 threat categories revealed no evidence of prompt injection, data exfiltration, persistence mechanisms, or obfuscation. The skill's implementation follows standard practices for media asset generation.
Audit Metadata