theme-factory
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No active security threats or malicious patterns were detected in the skill definition. The skill focuses on legitimate creative tasks like theme generation and application.
- [EXTERNAL_DOWNLOADS]: The skill references a source repository from 'ComposioHQ', a well-known entity in the AI agent ecosystem. This reference is informational and follows established community practices.
- [COMMAND_EXECUTION]: The verification block includes a command to run a local linting script using Node.js. This is a standard development practice for validating skill structures within the LiYe OS environment.
- Evidence: 'node .claude/scripts/sfc_lint.mjs <skill_dir>' in SKILL.md.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection as it processes user-provided materials (documents, landing pages, reports) to apply visual styles.
- Ingestion points: User-provided materials and brand assets entering the agent context for processing (SKILL.md).
- Boundary markers: No specific delimiters or safety instructions are defined in this high-level workflow skeleton.
- Capability inventory: The skill allows for batch processing of multiple files, theme generation, and exporting configurations (SKILL.md).
- Sanitization: No explicit sanitization or input validation logic is described in the markdown file.
Audit Metadata