color-cli
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@kood/color-clipackage from the npm registry. This is a vendor-owned resource associated with the skill author. - [COMMAND_EXECUTION]: The skill executes the
colorCLI tool using Bash to perform color conversions and batch processing of CSS files, including in-place file modifications. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process content from external CSS files.
- Ingestion points: CSS files are accessed and processed using the
color css <file>command as described inSKILL.mdandSKILL.ko.md. - Boundary markers: Absent; there are no delimiters or instructions provided to the agent to treat the CSS file content as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill has the capability to execute subprocess commands (
color) and modify local files. - Sanitization: No sanitization or content validation steps are described before the file data is processed by the CLI tool.
Audit Metadata