sablier-icon
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied color parameters which are subsequently incorporated into shell commands and file paths.
  - Ingestion points: The argument defined in the skill metadata.
  - Boundary markers: No specific delimiters or instructions are used to separate user data from the system prompt.
  - Capability inventory: The skill utilizes shell commands (rsvg-convert, magick, rm) to perform image processing and temporary file management.
  - Sanitization: The skill provides a robust resolution algorithm that validates input against a predefined list of brand aliases, specific hex code patterns, and standard CSS color names. This validation layer ensures that only safe, expected strings are used in sensitive contexts such as command-line arguments and filenames.
- [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires external utilities for image conversion.
  - Evidence: Instructions specify the use of rsvg-convert (from librsvg) and magick (ImageMagick).
  - Status: These are well-known, industry-standard tools for vector and raster graphics processing. The skill provides installation instructions via official package managers (Homebrew), which is considered a safe practice for tool-based skills.
Audit Metadata