theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to process external artifacts such as slides, reports, and HTML pages to apply styling. This creates an attack surface where malicious instructions could be embedded within the content of the artifact being styled. While the skill's stated capability is limited to modifying colors and fonts, a sophisticated injection could attempt to hijack the agent's logic during the styling process.
- Ingestion points: User-provided artifacts (slides, docs, HTML) and user inputs for custom theme generation.
- Boundary markers: None specified in the instructions to separate styling logic from artifact content.
- Capability inventory: Reading from the
themes/directory and modifying/applying styles to user artifacts. - Sanitization: No explicit sanitization or instruction to ignore embedded text within the artifacts is provided.
- No Code Detected (INFO): The provided skill consists only of a
SKILL.mdfile with instructions and metadata. No executable scripts (Python, JavaScript, Bash) or configuration files for automated tools were found, which limits the risk of direct command execution or remote code execution within the skill's own scope.
Audit Metadata