color-palette-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of natural language instructions within a markdown file. No executable scripts, binaries, or configuration files are provided.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from external sources. 1. Ingestion points: User-provided website URLs and image files. 2. Boundary markers: Absent; there are no instructions for the agent to ignore or delimit embedded commands in the source data. 3. Capability inventory: The instructions imply the use of network-read tools (to fetch CSS) and image analysis capabilities. 4. Sanitization: Absent; the skill does not specify any validation or filtering of the fetched content before processing.
Audit Metadata