theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): Evaluated the skill for potential exploitation via untrusted data ingestion.
  - Ingestion points: The 'Create your Own Theme' section in SKILL.md allows the agent to process user-provided descriptions to generate new themes.
  - Boundary markers: Absent. The instructions do not explicitly tell the agent to ignore instructions embedded within the user's theme descriptions.
  - Capability inventory: The skill is limited to reading from the local themes/ directory and applying fonts and colors to artifacts. It lacks capabilities for command execution, network access, or sensitive file manipulation.
  - Sanitization: No sanitization logic is described for user inputs.
  - Conclusion: While an ingestion surface exists, the lack of powerful capabilities makes this surface low-risk.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths (e.g., SSH keys, credentials) or network exfiltration patterns were detected. The skill only accesses a specific local themes/ directory and a theme-showcase.pdf file.
- [Remote Code Execution] (SAFE): No patterns for downloading and executing remote scripts or packages were found.
Audit Metadata