theme-factory
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The 'Create your Own Theme' functionality accepts unvalidated user descriptions to generate styling specifications for artifacts.
- Ingestion points: User-provided descriptions for custom theme generation in the 'Create your Own Theme' section.
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions within the user input.
- Capability inventory: The skill modifies external artifacts including slides, documents, and HTML landing pages (write capability).
- Sanitization: Absent. There is no mention of filtering or escaping user-provided text. A malicious user could provide a theme description containing instructions that the agent might obey while generating or applying the theme to artifacts.
- Data Exposure (LOW): The skill references reading files from a themes/ directory based on selection. While no explicit code is provided, there is a potential for path traversal if the agent does not strictly validate the theme name before file access.