theme-colors

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell command to audit the codebase: grep -rEn '(#[0-9a-fA-F]{3,8}|rgba?\\(|hsla?\\(|oklch\\()' src/ app/ components/. The command is restricted to specific directories and is used for its intended purpose of identifying color literals.
  • [PROMPT_INJECTION]: The skill processes untrusted codebase files, creating a surface for indirect prompt injection.
      1. Ingestion points: source files in src/, app/, and components/.
      2. Boundary markers: Absent.
      3. Capability inventory: Shell execution (grep) and file-writing instructions for refactoring.
      4. Sanitization: Absent.
  • [SAFE]: The external link https://saschb2b.com/blog/designer-meets-theme is a reference to a technical blog post by the skill's author (saschb2b) and is documented neutrally as a source of information for the theme colors approach.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 12:13 AM