create-wot-ui-theme

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating user-supplied theme names and descriptions into file paths and SCSS code templates.
    • Ingestion points: User-provided theme names, style descriptions, and color configurations (SKILL.md).
    • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within the user input.
    • Capability inventory: File system write access for creating 'src/themes/styles/{theme-name}.scss' and modification of 'src/App.vue'.
    • Sanitization: Absent; there are no instructions to validate the 'theme-name' for path traversal or malicious syntax before file creation.
  • [COMMAND_EXECUTION]: The skill requires the agent to perform file creation and modification operations, such as creating 'src/themes/styles/{主题名}.scss' and appending '@use' statements to 'src/App.vue'.
  • [DATA_EXFILTRATION]: The instructions direct the agent to read the contents of 'src/App.vue' and existing themes to ensure correct placement of new code, which involves reading project source files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 11:10 AM