theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): No malicious instructions, obfuscation, or data exfiltration patterns were detected. The skill operates as a static data repository for styling information.\n- NO_CODE (SAFE): The skill consists entirely of Markdown files defining themes (hex colors and font names). There are no scripts (Python, Node.js, Shell) or package manifests present, eliminating the risk of unauthorized code execution.\n- INDIRECT PROMPT INJECTION (LOW): The 'Custom Theme' feature processes user-provided requirements to generate new theme definitions. While this creates a minor surface for indirect injection if requirements are reflected into document-writing tools, the impact is confined to visual styling.\n
- Ingestion points: User requirements for custom themes (SKILL.md)\n
- Boundary markers: Absent\n
- Capability inventory: Implicit document/slide modification based on theme data\n
- Sanitization: Absent
Audit Metadata