svg-creator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a functional collection of utilities for SVG processing with no malicious behavior or patterns detected.
- [COMMAND_EXECUTION]: The
preflight.mjsscript includes functionality to install thesharpdependency using the user's local package manager (e.g., npm or pnpm). This is a standard setup procedure and requires user confirmation or explicit flag usage. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the well-known
sharplibrary from official package registries to enable image conversion features. - [SAFE]: The
convert.mjsscript proactively sanitizes SVG input by stripping externalhrefschemes, such asfile:andhttp:, to mitigate risks of SSRF and XXE during the conversion process.
Audit Metadata