theme-factory
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest untrusted data (custom theme descriptions and existing artifact content) and perform write operations on files, creating a significant injection surface.
- Ingestion points: User input provided during the 'Create your Own Theme' workflow and the contents of artifacts being styled.
- Boundary markers: Absent; there are no instructions for the agent to use delimiters or to disregard commands embedded within the artifacts or theme descriptions.
- Capability inventory: Modification of user files including slides, documents, reports, and HTML pages.
- Sanitization: None mentioned; the agent is not instructed to validate or escape inputs before applying them as styling parameters.
Recommendations
- AI detected serious security threats
Audit Metadata