xaem-theme-ui
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected in the skill definition. The skill focuses on design token generation and code translation within specified constraints.
- [PROMPT_INJECTION]: The skill allows the agent to process untrusted user input (e.g., mood boards or color briefs) to generate code snippets, which represents a potential indirect prompt injection surface.
- Ingestion points: User input enters the context through positive triggers such as 'generate theme' or 'colour scheme'.
- Boundary markers: The instructions do not define specific delimiters to wrap or isolate user-provided data during the generation process.
- Capability inventory: The agent is empowered to generate CSS variables, TypeScript objects, and Tailwind configuration extensions.
- Sanitization: The skill mitigates risks through explicit 'Anti-Patterns' and a 'Checklist' that require manual or logical verification of contrast ratios and structural immutability.
Audit Metadata