theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The 'Create your Own Theme' feature in SKILL.md accepts user-provided descriptions to generate new themes, creating a surface for instruction injection.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  1. Ingestion points: The agent is instructed to read external 'artifacts' (slide decks, docs, HTML pages) to apply styling.
  2. Boundary markers: Absent. No instructions are provided to the agent to treat artifact content as untrusted or to ignore embedded instructions.
  3. Capability inventory: The skill instructions imply file-write or modification capabilities to update the artifacts.
  4. Sanitization: Absent. Content from artifacts is processed directly.

  Analysis: The skill lacks instructions to distinguish between artifact content and system instructions, making it susceptible to indirect prompt injection if an artifact contains malicious commands.