theme-factory
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's custom theme generation feature creates an exploitable surface for indirect prompt injection.
- Ingestion points: User-provided inputs in the 'Create your Own Theme' workflow described in
SKILL.md. - Boundary markers: Absent. The skill provides no delimiters or instructions to ignore potential commands embedded within the user's theme description.
- Capability inventory: The agent is granted the capability to modify user artifacts (slides, docs, HTML landing pages) as specified in
SKILL.mdunder 'Apply the theme'. - Sanitization: Absent. There is no logic to filter or validate the user-provided theme inputs before they influence the agent's actions.
- [Data Exposure] (LOW): The skill explicitly directs the agent to 'Display the theme-showcase.pdf file'. While this is a local file access, it is limited to the skill's own assets and does not target sensitive system paths.
Recommendations
- AI detected serious security threats
Audit Metadata