color-palette
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified. The skill consists of reference guides, mathematical conversion formulas for color spaces (Hex to HSL), and CSS templates.
- [PROMPT_INJECTION]: The skill configuration defines an agent that processes user-provided brand colors to generate theme files. This represents a safe ingestion surface for indirect prompt injection, as the data is handled using deterministic mathematical conversions rather than being interpreted as instructions.
- Ingestion points: User-provided brand hex input in 'agents/palette-generator.md'.
- Boundary markers: Absent.
- Capability inventory: 'Read', 'Write', 'Glob', and 'Grep' tools in 'agents/palette-generator.md'.
- Sanitization: Absent; however, the agent follows strict JS/CSS templates which limits injection impact.
- [COMMAND_EXECUTION]: The 'agents/palette-generator.md' configuration explicitly instructs the agent to use the 'Write' tool for file creation and proactively forbids the use of general shell commands (Bash), adhering to the principle of least privilege.
Audit Metadata