theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The 'Create your Own Theme' feature in SKILL.md creates a surface for indirect prompt injection by ingesting untrusted user descriptions to guide theme generation. Evidence chain:
  1. Ingestion points: User descriptions provided during custom theme creation in SKILL.md.
  2. Boundary markers: Absent; instructions do not specify delimiters for user-provided data.
  3. Capability inventory: The skill claims the ability to modify existing artifacts (slides, docs, HTML) according to the selected theme.
  4. Sanitization: No sanitization or validation of the input description is specified.
- NO_CODE (SAFE): The skill consists entirely of Markdown files defining theme parameters like hex codes and font families. There are no scripts, binaries, or automated installation steps.