theme-factory
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill does not contain any executable scripts, binary files, or code-based logic. It is composed exclusively of markdown documentation and configuration files.
- [SAFE]: The theme definitions in the themes/ directory are static and contain only non-executable metadata such as color palettes and font specifications. No malicious patterns were identified in these files.
- [PROMPT_INJECTION]: An analysis of indirect prompt injection surfaces was conducted. The 'Create your Own Theme' feature allows the agent to generate themes based on user-provided descriptions. This is identified as a benign surface because the resulting output is limited to stylistic parameters (colors and fonts), and the skill includes a human review step prior to application.
- Ingestion points: User-provided theme descriptions processed by the agent in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Modifying artifact styling (colors, fonts).
- Sanitization: Absent, but the operational scope is limited to presentation settings.
Audit Metadata