css-specificity
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No direct or indirect injection patterns were detected. Regarding indirect prompt injection (Category 8): 1. Ingestion points: Local .css files found via globbing. 2. Boundary markers: JSON structure for script output helps delimit data. 3. Capability inventory: Execution of local Python script for analysis. 4. Sanitization: The workflow requires explicit user approval before any changes are applied to files.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials or network operations were found. The skill does not access sensitive system paths or environment variables.
- COMMAND_EXECUTION (SAFE): The skill runs a local Python script to process CSS files. This is a standard and safe use of tools for static analysis within the agent's workflow.
- EXTERNAL_DOWNLOADS (SAFE): The skill does not download or execute remote code during runtime. The installation command mentioned in the README refers to the skill deployment itself, not a runtime dependency.
Audit Metadata