chromatic-walk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists of a single markdown file (SKILL.md) that serves as documentation and a configuration header. No executable scripts, binaries, or source code files are included in the skill package.
- COMMAND_EXECUTION (SAFE): The skill references the use of 'just' as a task runner (e.g., 'just chromatic-walk'). This is a common development tool for automating workflows and does not constitute a security risk in the context of this documentation.
- INDIRECT_PROMPT_INJECTION (SAFE): While the skill's stated purpose is to 'explore codebase improvements'—which is a surface for ingesting untrusted data—the skill itself provides no mechanisms for data interpolation or autonomous execution that would be vulnerable to indirect injection. Ingestion point: Codebase files. Capability: None provided in this file. Sanitization: Not applicable.
Audit Metadata