theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION, NO_CODE)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a workflow that processes untrusted external content, specifically 'artifacts' to be styled and user-provided inputs for custom theme creation. This creates an attack surface where malicious instructions could be embedded in the processed data to attempt to override agent behavior.
  - Ingestion points: SKILL.md instructions for applying themes to 'any artifact' and using 'provided inputs' for custom generation.
  - Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or ignore embedded natural language commands within the processed artifacts.
  - Capability inventory: The skill involves reading local files and generating or modifying styled output (internal influence/generation).
  - Sanitization: No validation or sanitization of input descriptions or artifact content is specified.
- [Metadata Poisoning] (LOW): The skill metadata in SKILL.md references external files (LICENSE.txt and theme-showcase.pdf) that are not present in the skill package, which is a best-practice violation and prevents full verification of the skill's assets.
Audit Metadata