theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill consists exclusively of Markdown files and metadata. There are no scripts (Python, Node.js, Shell), binaries, or installation manifest files present. Without executable content, the risk of runtime malicious behavior is non-existent.
- Indirect Prompt Injection (SAFE): The 'Create your Own Theme' feature mentioned in
SKILL.mdallows for user-defined input to generate styles. While this is a data ingestion point, the skill's lack of high-risk capabilities (like shell access or network requests) prevents this from being a viable attack vector. - Data Exposure (SAFE): All files were reviewed for hardcoded credentials, API keys, or sensitive file paths. No such secrets were found. All theme files contain only public font names and hex color codes.
Audit Metadata