generate-theme
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions in SKILL.md guide the agent to execute Node.js scripts from other skills (such as extract-page-data or clone-page) to gather data from target URLs. These commands are integral to the stated purpose of the skill and operate on local scripts.
- [INDIRECT_PROMPT_INJECTION]: The script generate.mjs reads data from theme.json and meta.json (which may be derived from external websites) and reflects it in the generated DESIGN.md. This creates a surface through which malicious content from a third-party website could be carried into the documentation and could affect other AI agents that read the generated design system.
  - Ingestion points: Data enters the system via theme.json and meta.json files processed by scripts/generate.mjs.
  - Boundary markers: The generated output does not include explicit delimiters or warnings for downstream agents to ignore embedded instructions.
  - Capability inventory: The skill has permissions to read, write, and copy files within the local project directory.
  - Sanitization: The script performs no escaping or sanitization on textual metadata extracted from source design tokens before writing them to the markdown output.
Audit Metadata