chromatic
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill's primary installation method is nix run github:ToxicPine/ambit#chromatic, which downloads and executes code directly from a GitHub repository belonging to an untrusted user account. This bypasses the security scrutiny of official or trusted registries.
- REMOTE_CODE_EXECUTION (HIGH): The chromatic mcp command configures the agent to use npx @playwright/mcp@latest. This pattern of downloading and executing the latest version of a remote package from the npm registry at runtime is vulnerable to supply chain attacks or package takeover.
- COMMAND_EXECUTION (MEDIUM): The skill performs various system-level operations using flyctl, nix, and npx to manage cloud infrastructure on Fly.io and local networking with Tailscale.
- PROMPT_INJECTION (LOW): By connecting the AI agent to a cloud web browser via CDP, the skill creates an indirect prompt injection surface. Malicious instructions on target websites could attempt to influence the agent's behavior. The documentation does not specify boundary markers or sanitization logic for content processed by the agent.
Recommendations
- AI detected serious security threats