color-theory-palette-harmony-expert
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references well-known technology and design resources, such as oklch.com and evilmartians.com, for color theory guidance. It also suggests installing a variety of established scientific Python packages (colormath, opencv-python, numpy, scipy, scikit-image, pot, hnswlib, scikit-learn) from standard package registries to perform its calculations.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool for the installation of its Python dependencies and is designed to execute complex algorithmic scripts involving optimal transport, clustering, and color space transformations.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its data-ingestion capabilities combined with system-level tools.\n
- Ingestion points: Untrusted data enters the agent context through the mcp__firecrawl__firecrawl_search tool (researching papers) and the WebFetch tool (fetching reference palettes or articles).\n
- Boundary markers: No explicit instructions or delimiters are provided to the agent to distinguish between its system instructions and potentially malicious content embedded in the text of research papers or web pages.\n
- Capability inventory: The skill has broad capabilities including command execution (Bash), file modification (Write, Edit), and image generation (Stability AI).\n
- Sanitization: While the skill converts image data into numeric matrices (LAB/LCH), which inherently sanitizes pixel data against text-based injection, there is no explicit sanitization for text content fetched from the web before it is interpreted by the agent.
Audit Metadata