colorffy
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): The content consists purely of technical documentation and usage examples. No attempt to override agent instructions or bypass safety filters was found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths (e.g., .ssh, .aws), or suspicious network requests were identified. The external links point to legitimate GitHub repository resources.
- Remote Code Execution (SAFE): While the skill suggests installing packages via npm, it does not include commands that pipe remote scripts to a shell (e.g., curl | bash) or use dynamic execution sinks like eval().
- Obfuscation (SAFE): All files are written in cleartext markdown and code blocks. No Base64 encoding, zero-width characters, or homoglyphs were detected.
- Indirect Prompt Injection (SAFE): This skill is a static reference guide. It does not ingest untrusted external data at runtime into the agent's decision-making process, presenting a negligible risk for indirect injection.
Audit Metadata