theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access commands were detected across any of the 13 files analyzed.
- [NO_CODE]: The skill consists entirely of configuration files and documentation. It does not include any executable scripts (Python, Node.js, Shell), which significantly reduces the potential for remote code execution or system exploitation.
- [PROMPT_INJECTION]: The skill features a custom theme generation capability based on user-provided descriptions. This represents an indirect prompt injection surface, but it is mitigated by a human-in-the-loop review step before application. 1. Ingestion points: User-provided descriptions in 'Create your Own Theme' (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Artifact styling (text/color modification) and file display. 4. Sanitization: Explicit human verification checkpoint.
Audit Metadata