contrast-checker

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill has access to WebFetch for external requests and Read/Glob/Grep for searching the entire codebase. While its instructions limit WebFetch to checking WCAG edge cases and file access to color definitions, the simultaneous presence of read and network capabilities creates a technical path for data exposure if the agent is compromised.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted data (source code files) from a user's repository.
    • Ingestion points: Files read using Read, Glob, and Grep (e.g., CSS, TSX, and theme files).
    • Boundary markers: Absent. The prompt does not provide specific delimiters, or directives to disregard instructions embedded in the code comments or strings of analyzed files.
    • Capability inventory: Network access (WebFetch), comprehensive filesystem searching (Grep, Glob), and specialized MCP tools.
    • Sanitization: None. The agent parses raw file content to extract component structures and color values without explicit sanitization steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:22 PM