theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- No Code Execution (SAFE): The skill consists solely of Markdown files containing theme definitions (hex codes and font names) and instructional text. It does not include any scripts (Python, JavaScript, Bash) or commands that could be executed by the agent.
- Data Privacy (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns were detected. The skill operates on local theme files and user-provided artifacts.
- Indirect Prompt Injection Surface (LOW): The skill is intended to process external artifacts (slides, documents). This introduces a theoretical surface for indirect prompt injection if those documents contain malicious instructions. However, the skill provides no dangerous capabilities (like shell access or network calls) for an attacker to exploit, and the risk is inherent to the agent's general processing of user data.
- Clean Metadata (SAFE): The skill metadata and descriptions are consistent with its stated purpose of providing styling themes.
Audit Metadata