create-favicon
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to manage its internal tool within the 'tools/create-favicon' directory. This includes installing dependencies with 'pnpm install', building the project with 'pnpm build', and running the generated CLI with 'node dist/cli.js'.
- [EXTERNAL_DOWNLOADS]: The setup process involves downloading Node.js packages from the official NPM registry via 'pnpm'. This is standard behavior for building tools that rely on libraries like 'sharp' for image processing.
- [SAFE]: The skill implements a 'Mandatory source image gate' (Step 0) that requires confirmation of a usable source image before any processing occurs. This is a positive safety measure that prevents the agent from acting on unintended files or creating empty data.
Audit Metadata