accessible-contrast
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes
npx @basiclines/rampato download and execute code from an external registry. The organization@basiclinesis not included in the Trusted External Sources list, making this an unverifiable dependency. - COMMAND_EXECUTION (HIGH): The skill provides recipes for executing shell commands using interpolated variables, specifically
<brand-color>. - Evidence (SKILL.md):
rampa -C "<brand-color>" -L 98:5 --size=11 -O css --name=color - Risk: If the agent retrieves the brand color from an untrusted source (e.g., scraping a website or reading a user-provided file), an attacker could perform shell injection (e.g., by providing
#000; rm -rf /) leading to unauthorized system access. - INDIRECT PROMPT INJECTION / CATEGORY 8 (HIGH): The skill presents a significant vulnerability surface due to the combination of untrusted data ingestion and shell execution capabilities.
- Ingestion points: The
<brand-color>parameter inSKILL.md. - Boundary markers: Absent. There are no instructions to delimit the input or ignore embedded instructions.
- Capability inventory: Subprocess execution via shell command provided in the Recipe.
- Sanitization: Absent. No validation logic or instruction is provided to ensure the input is a valid color hex/string before it is passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata