theme-factory
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exhibits an indirect prompt injection surface (Category 8) due to its core functionality of processing external data with file-modification capabilities.
- Ingestion points: Untrusted artifacts provided by users (slides, documents, HTML pages) and user-supplied descriptions for custom themes.
- Boundary markers: Absent. The instructions do not define delimiters or specific warnings for the agent to ignore instructions embedded within the user-provided content.
- Capability inventory: The skill directs the agent to perform file modifications ('Apply the specified colors and fonts') across user artifacts, which is a high-privilege write capability.
- Sanitization: Absent. No validation or sanitization of the artifact content is performed before the styling instructions are applied.
- Mitigation Note: The skill includes human-in-the-loop checkpoints, such as theme selection confirmation and review of custom themes, which provide a degree of protection against accidental obedience but do not eliminate the threat of adversarial prompt injection.
- NO_CODE (LOW): The skill consists entirely of Markdown files and does not contain any executable scripts, binaries, or configuration files for package managers, which significantly limits the potential for direct code-based attacks.
Recommendations
- AI detected serious security threats
Audit Metadata