Color Palette Generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest and process data from external, untrusted sources which can be leveraged for indirect prompt injection attacks.
- Ingestion points: Workflow 3 (Palette from Inspiration) accepts external URLs ('Competitor site') and images ('Image/photo reference').
- Boundary markers: There are no defined boundary markers or delimiters specified to separate external content from the agent's internal instructions.
- Capability inventory: The skill explicitly integrates with tools capable of external interaction, specifically
Firecrawlfor web crawling andPlaywrightfor browser automation. - Sanitization: There is no evidence of sanitization or filtering logic for content retrieved from external sites before it is interpolated into the agent's reasoning process.
Audit Metadata