svg-generator

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted user-provided content through an external AI service.
  • Ingestion points: Text prompts, style instructions, and reference image URLs in scripts/generate_svg.py, and image files or URLs in scripts/vectorize_svg.py.
  • Boundary markers: Absent; user inputs are directly included in the JSON payloads sent to the API.
  • Capability inventory: Network POST requests to api.quiver.ai and local file-write operations in both scripts/generate_svg.py and scripts/vectorize_svg.py.
  • Sanitization: No validation, escaping, or filtering of the user-supplied content is implemented.
  • [SAFE]: Authentication is handled via environment variables (QUIVER_API_KEY), which is a recommended practice for secret management.
  • [SAFE]: The scripts only communicate with the service provider's domain (api.quiver.ai) and do not perform any unexpected network operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 09:44 AM
Security Audit — agent-trust-hub — svg-generator