theme-transformer
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script in
SKILL.mdused for local git branch management to ensure changes are isolated. It utilizes standard git operations (git rev-parse,git fetch,git pull,git checkout) and performs basic shell sanitization on branch names. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is instructed to read local branding documentation (e.g.,
docs/branding.md,brand.md) to inform the design process. - Ingestion points: Reads local branding and design system files from the target repository.
- Boundary markers: The skill does not explicitly define delimiters for this external content, but the mandatory 4-step approval loop acts as a functional boundary.
- Capability inventory: The skill can create git branches and modify local files as part of its theme transformation task.
- Sanitization: There is no explicit sanitization of the content read from documentation files, but the multi-step human-in-the-loop workflow provides a strong defense against accidental obedience to instructions embedded in those files.
Audit Metadata