Skills
skills/bluewaves-creations/bluewaves-skills/brand-bluewaves/Gen Agent Trust Hub

brand-bluewaves

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The assets/manifest.json file references an external icon source (https://unpkg.com/@phosphor-icons/core@2.1.1/assets/regular). This involves a network request to a non-whitelisted domain to fetch brand assets.
  • [COMMAND_EXECUTION] (LOW): The skill frontmatter requests Bash, Read, and Write tool permissions. These are intended to facilitate document composition via the mentioned render.py and compose.py scripts.
  • [Indirect Prompt Injection] (LOW): The skill defines an attack surface where processed data could influence agent instructions. Evidence: (1) Ingestion points: assets/manifest.json, assets/templates/pdf/zones.json. (2) Boundary markers: None identified. (3) Capability inventory: Bash, Read, and Write tools. (4) Sanitization: No sanitization or validation logic is present in the provided configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 08:22 AM