pycli-color
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The skill contains instructional content and a 'reusable prompt' template for the AI to generate code. There are no attempts to bypass safety filters, override system instructions, or extract system prompts.
- DATA_EXFILTRATION (SAFE): The provided Python script reads environment variables (NO_COLOR, FORCE_COLOR, TERM) to determine color support. This is standard behavior for CLI tools. No sensitive file paths are accessed, and no network requests are made.
- REMOTE_CODE_EXECUTION (SAFE): No remote scripts are downloaded or executed. The skill relies entirely on the standard Python library (argparse, os, sys).
- OBFUSCATION (SAFE): All code and instructions are provided in clear text. There is no use of Base64 encoding, zero-width characters, or homoglyphs to hide malicious intent.
- INDIRECT_PROMPT_INJECTION (SAFE): While the skill involves processing text for the help menu, the data source is the script's own argument definitions. There is no ingestion of untrusted external data that could influence the agent's logic.
Audit Metadata