color-palette-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of markdown instructions for the AI agent and does not include any executable scripts, shell commands, or binary files.
- Indirect Prompt Injection (LOW):
- Ingestion points: The skill is designed to process external data such as Website URLs and Image files (SKILL.md).
- Boundary markers: Absent. There are no explicit instructions to the agent to disregard instructions embedded within fetched CSS comments or image metadata.
- Capability inventory: Includes network read capabilities (fetching CSS) and the generation of structured code output (CSS, JSON, Swift, XML).
- Sanitization: Absent. No specific sanitization logic is prescribed for the external content before it is processed or used in code generation.
- Prompt Injection (SAFE): No patterns of direct prompt injection, jailbreak attempts, or instructions to override system safety guidelines were identified.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or attempts to access sensitive system files (e.g., SSH keys, environment variables) were found.
Audit Metadata