color-palette-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): This skill contains no executable scripts, binaries, or configuration files for package managers. It is strictly an instructional markdown file.
- [PROMPT_INJECTION] (SAFE): No patterns of prompt injection, system prompt extraction, or safety filter bypasses were detected in the instructions.
- [Indirect Prompt Injection] (LOW): Ingestion points: Website URLs and image files (SKILL.md). Boundary markers: Absent; no delimiters are defined to isolate external data. Capability inventory: Network access (fetching CSS) and image pixel data analysis. Sanitization: No sanitization or validation of external content is mentioned. Risk Assessment: The ingestion of untrusted external content creates a surface for indirect prompt injection, but the restricted nature of the task (color analysis) results in a low impact.
Audit Metadata