theme-transformer
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill demonstrates good security posture by requiring manual approval before executing any file modifications.
- [COMMAND_EXECUTION]: The skill uses standard git commands for repository management, including branch creation and remote synchronization. These commands are properly scoped to the local repository environment.
- [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration risks were identified. Network operations are limited to communicating with the repository's origin server for standard git tasks.
- [EXTERNAL_DOWNLOADS]: The skill mentions installation via npm and GitHub, which are standard delivery mechanisms for this type of tool. It does not download or execute arbitrary scripts from untrusted external sources at runtime.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface by reading local branding documentation. However, the risk is mitigated by the mandatory 4-step workflow that requires the user to review and approve all proposed changes before implementation.
Audit Metadata