theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's functionality is limited to reading local markdown files containing visual design specifications. It does not perform any high-risk operations or utilize external tools.
- [PROMPT_INJECTION]: No evidence of direct prompt injection or jailbreak attempts was found in the skill metadata or instructions. Regarding indirect prompt injection:
  1. Ingestion points: Processes user artifacts (slides, documents, HTML pages) as described in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: None; no subprocess calls, network operations, or dangerous tool usage identified across any files.
  4. Sanitization: Absent.

  The risk is negligible because the skill lacks any capabilities that could serve as an attack sink.
- [DATA_EXFILTRATION]: The skill does not access sensitive files (e.g., SSH keys, credentials) or perform network requests to any domains.
- [REMOTE_CODE_EXECUTION]: There is no downloading or execution of remote scripts, and no use of dangerous functions like eval or subprocess for code execution. The custom theme generation feature is a decorative text-based task.
Audit Metadata