skills/zrosenbauer/skills/svg-creator/Gen Agent Trust Hub

svg-creator

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a functional collection of utilities for SVG processing with no malicious behavior or patterns detected.
  • [COMMAND_EXECUTION]: The preflight.mjs script includes functionality to install the sharp dependency using the user's local package manager (e.g., npm or pnpm). This is a standard setup procedure and requires user confirmation or explicit flag usage.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the well-known sharp library from official package registries to enable image conversion features.
  • [SAFE]: The convert.mjs script proactively sanitizes SVG input by stripping external href schemes, such as file: and http:, to mitigate risks of SSRF and XXE during the conversion process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:27 PM
Security Audit — agent-trust-hub — svg-creator