frontend-color-system

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill contains several bash snippets utilizing curl, jq, and grep. These are used appropriately for fetching and parsing structured data from color-related APIs (TheColorAPI and WebAIM).
  • [EXTERNAL_DOWNLOADS] (LOW): The skill communicates with non-whitelisted domains www.thecolorapi.com and webaim.org. These requests are functionally necessary for the skill's purpose of color identification and accessibility validation.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes data from external APIs.
      • Ingestion points: Data returned from thecolorapi.com and webaim.org is processed by scripts.
      • Boundary markers: Absent in the bash examples.
      • Capability inventory: The skill has access to Write and Bash (*) permissions, which could be misused if an API response contained malicious instructions.
      • Sanitization: The use of jq and grep -o effectively filters the external data to only the required numeric or hex values, significantly reducing the attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:44 PM