theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The 'Create your Own Theme' feature processes user-provided descriptions to generate style specifications. * Ingestion point: User input in the theme generation workflow. * Boundary markers: None present. * Capability inventory: Applies colors and fonts to user artifacts (slides, docs). * Sanitization: No explicit validation or escaping of input. The risk is assessed as LOW because the influence is limited to styling properties and a human-in-the-loop review is instructed.
- [Prompt Injection] (SAFE): No malicious override patterns, safety bypasses, or instructions to reveal system prompts were found in the skill or theme definitions.
- [Data Exposure & Exfiltration] (SAFE): The skill only reads its own local theme files and does not attempt to access sensitive system paths or perform network operations.
- [Remote Code Execution] (SAFE): No remote code downloads or execution patterns were detected in the provided files.
- [NO_CODE] (SAFE): No executable scripts or binary files were found; the skill consists entirely of markdown configuration.
Audit Metadata