theme-factory
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The 'Create your Own Theme' feature allows the agent to ingest untrusted user input to generate styling specifications that are subsequently used to modify local artifacts. This creates an indirect prompt injection surface where malicious input could influence the agent's file-writing behavior. 1. Ingestion points: User-provided descriptions in the 'Create your Own Theme' workflow and potentially files in the themes/ directory. 2. Boundary markers: Absent; there are no delimiters specified to isolate untrusted user data from the agent's core instructions. 3. Capability inventory: File and artifact modification ('apply the selected theme's colors and fonts to the deck/artifact'). 4. Sanitization: Absent; the skill documentation does not describe any validation, filtering, or escaping for the user-provided theme content. While a manual 'show for review' step is included, it is insufficient to prevent sophisticated injection attacks.
Audit Metadata