theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): The skill references Google Fonts (fonts.googleapis.com) to load typefaces for its themes. Google is a trusted organization, and the downloads are limited to static font assets.
- [Indirect Prompt Injection] (LOW): The 'Custom Theme Generation' feature ingests untrusted user input (purpose, mood, brand colors) to dynamically generate themes. This introduces a surface where malicious formatting or instructions could be embedded in design requests. * Ingestion points: Custom theme parameter inputs defined in SKILL.md. * Boundary markers: Absent. * Capability inventory: The skill provides templates for the agent to generate and apply CSS and Python code (using openpyxl/pptx). * Sanitization: Absent.
- [Dynamic Execution] (LOW): The skill facilitates the generation of executable code snippets (CSS variables and Python styling scripts) derived from user-defined parameters. Evidence: Template logic in the 'Custom Theme Generation' and 'Applying Themes' sections.
Audit Metadata