theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): No malicious code, hardcoded credentials, or suspicious network operations were detected. The skill is primarily a repository for font and color palettes.\n- [Indirect Prompt Injection] (LOW): The skill allows users to provide input for the creation of custom themes. This represents an indirect prompt injection surface where a malicious user could attempt to include instructions to subvert the agent during the style application process.\n
- Ingestion points: SKILL.md (the 'Create your Own Theme' section processes user-provided inputs).\n
- Boundary markers: Absent; there are no specific markers or instructions to isolate the user-provided theme descriptions.\n
- Capability inventory: The skill instructions enable the agent to read theme files and modify artifact styles (colors/fonts).\n
- Sanitization: Absent; no input validation or sanitization of user-provided descriptions is specified.
Audit Metadata