color-contrast-checker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill establishes an exploitable capability surface by combining data ingestion with high-privilege tool access.
- Ingestion points: Processes user-provided requests, CSS files, and frontend code (react, vue, css) as described in the 'When to Use' section.
- Boundary markers: Absent. The skill provides no instructions to isolate or ignore instructions embedded within the processed code.
- Capability inventory: Granted 'Bash', 'Write', and 'Edit' tools in the frontmatter, allowing for arbitrary command execution and file modification.
- Sanitization: Absent. No validation or sanitization of external content is specified before passing it to high-privilege tools.
- Privilege Over-provisioning (MEDIUM): Requesting 'Bash' and 'Edit' permissions for color contrast checking is excessive. While it may be intended for running accessibility linters, the lack of constraints allows the agent to execute any system command if tricked by malicious input.
Recommendations
- AI detected serious security threats
Audit Metadata