Trust Assessment
theme-factory received a trust score of 77/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include: the skill allows modification of user artifacts without clear safeguards; the skill requires file system read access for theme files and the showcase; and the skill implies creation and potential saving of custom themes.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 1ed29a03). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Skill allows modification of user artifacts without clear safeguards. The skill explicitly states its purpose is to 'apply the selected theme's colors and fonts to the deck/artifact' and 'modify' artifacts such as 'slides, docs, reportings, HTML landing pages'. This implies the skill has write access to user-provided files or documents. Without strong input validation, sandboxing, and clear mechanisms for how modifications are handled (e.g., returning a new file vs. modifying in-place), this capability could lead to data loss, corruption, or the injection of malicious content into user files. Modifying HTML files is particularly risky as it could introduce Cross-Site Scripting (XSS) vulnerabilities. Recommendation: clarify the mechanism for applying themes. If it involves modifying files in place, implement robust sandboxing, strict input validation, and content sanitization. Consider returning a *new* modified artifact rather than altering the original. For HTML, ensure all generated content is properly escaped and sanitized to prevent XSS. | Unknown | SKILL.md:27 |
| MEDIUM | Skill requires file system read access for theme files and showcase. The skill states it will 'Display the `theme-showcase.pdf` file' and 'Read the corresponding theme file from the `themes/` directory'. While these paths appear fixed and internal to the skill, the general capability to read files from the filesystem, if not strictly confined, could pose a data exfiltration risk. If user input could indirectly influence the file path (e.g., through a theme name that is then used to construct a path without sanitization), it could lead to path traversal vulnerabilities. Recommendation: ensure all file read operations are strictly confined to the skill's intended directories (e.g., `themes/` and the skill's root for `theme-showcase.pdf`). Implement strict input validation and sanitization for any user-provided input that might be used to construct file paths, to prevent path traversal attacks. | Unknown | SKILL.md:24 |
| MEDIUM | Skill implies creation and potential saving of custom themes. The 'Create your Own Theme' section states the skill will 'generate a new theme'. If this involves writing the generated theme definition to the filesystem, it introduces a risk. Without strict control over the write location and filename, this could lead to overwriting existing files, creating files in sensitive directories, or consuming excessive disk space. Recommendation: if custom themes are saved, ensure they are stored in a dedicated, isolated, and non-sensitive directory. Implement strict validation for any user-provided names for custom themes to prevent path traversal or malicious filenames. Consider whether saving custom themes is truly necessary, or whether they can be generated and applied ephemerally. | Unknown | SKILL.md:67 |
Full report: https://skillshield.io/report/9b3efa48bcbe0e8b