theme-factory

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The skill contains standard instructional language. No attempts to override system prompts or bypass safety filters were detected.
  • [Data Exposure & Exfiltration] (SAFE): There are no commands that access sensitive files (~/.ssh, .env, etc.) or perform network operations. All themes are stored locally in markdown format.
  • [Unverifiable Dependencies] (SAFE): The skill does not define any external Python or Node.js dependencies and does not perform any remote code downloads.
  • [Indirect Prompt Injection] (LOW): The 'Create your Own Theme' feature accepts user input to generate custom styles. This constitutes an ingestion point for untrusted data. However, the capabilities are limited to choosing fonts and colors, and no missing boundary markers were found that would escalate this beyond a standard functional risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM