theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): Extensive review of all files reveals no malicious patterns. The skill consists entirely of static configuration data (Markdown files) defining color palettes and font choices.
- [DATA EXPOSURE & EXFILTRATION] (SAFE): No network operations, API calls, or sensitive file access patterns were detected. Hex codes provided are standard CSS color values.
- [REMOTE CODE EXECUTION / UNVERIFIABLE DEPENDENCIES] (SAFE): The skill contains no scripts, package manifests (requirements.txt, package.json), or commands to download/execute remote content.
- [INDIRECT PROMPT INJECTION] (LOW): The skill includes a capability to generate custom themes based on user input. While this is an entry point for untrusted data, the skill's scope is limited to generating styling metadata (colors/fonts), which poses minimal risk of hijacking agent control flow.
Audit Metadata