Skills
skills/jubscodes/get-shit-pretty/gsp-brand-refine/Gen Agent Trust Hub

gsp-brand-refine

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted natural language feedback to modify configuration files, creating a surface for indirect prompt injection.
  • Ingestion points: User feedback provided via command arguments or the AskUserQuestion tool.
  • Boundary markers: The instructions do not define delimiters or specific constraints to prevent the model from obeying instructions embedded within the feedback.
  • Capability inventory: The skill uses Edit, Write, and WebFetch tools to modify project files and interact with external APIs across the modification process.
  • Sanitization: No explicit validation or sanitization of the user-provided feedback is implemented before it influences the logic.
  • [DATA_EXFILTRATION]: Fetches design token data from the tints.dev API. This communication is functional for the skill's purpose of generating color ramps and involves non-sensitive design parameters.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 11, 2026, 04:01 AM