theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill provides a mechanism to generate custom themes based on user-provided inputs, which presents a surface for indirect prompt injection.
- Ingestion points: The 'Create your Own Theme' section in SKILL.md accepts arbitrary user inputs to define theme parameters.
- Boundary markers: Absent; there are no instructions to the agent to treat theme inputs as untrusted data or to ignore embedded instructions.
- Capability inventory: The skill instructs the agent to 'Apply the selected theme's colors and fonts to the deck/artifact', which implies a capability to modify existing files or objects.
- Sanitization: Absent; no sanitization or validation of the generated theme attributes is described before application.
- [SAFE] (SAFE): All theme files (themes/*.md) contain only static styling data (hex codes and font names) and no malicious content.
- [NO_CODE] (SAFE): This skill consists entirely of Markdown files and does not include any executable scripts, binary files, or external dependencies.