theme-factory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW (NO_CODE)
Full Analysis
- [NO_CODE] (SAFE): This skill consists exclusively of Markdown documentation defining color palettes and font pairings. There are no scripts (Python, JavaScript, or Shell) or binaries provided that could perform malicious actions.
- [DATA_EXPOSURE] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected. The hex color codes and font names are standard and benign.
- [PROMPT_INJECTION] (SAFE): The instructions in SKILL.md are descriptive and lack any bypass or override markers. The inclusion of a human-in-the-loop confirmation step ('Get explicit confirmation about the chosen theme') provides an additional layer of security.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process user-provided artifacts and custom theme inputs. While this represents a theoretical ingestion surface for untrusted data, the agent's instructions are limited to visual styling, which presents a negligible risk of exploitation.
Audit Metadata