theme-factory

The skill explicitly allows users to 'Create your Own Theme' based on 'provided inputs'. The LLM is instructed to 'generate a new theme' using these inputs and then 'apply the theme' to an artifact (e.g., HTML landing pages, slide decks). If the user-provided inputs are not rigorously validated and sanitized before being incorporated into the generated theme definition and subsequently applied, a malicious user could inject arbitrary content (e.g., CSS, HTML, JavaScript) into the target artifact. This could lead to Cross-Site Scripting (XSS) if applied to an HTML page, data exfiltration, or even command injection if the theme application process involves executing shell commands with unsanitized theme data.

The skill describes the ability to 'apply the selected theme's colors and fonts to the deck/artifact', listing 'slides, docs, reportings, HTML landing pages' as examples. This implies the capability to read, parse, and modify various file types. Without explicit instructions on how these modifications are sandboxed, what specific tools are used, and how file paths/contents are handled, there is a risk of: 1) Excessive Permissions, where the LLM might attempt to modify files outside the intended scope. 2) Data Exfiltration, if the modification process involves reading the entire artifact, potentially exposing sensitive data. 3) Command Injection, if underlying tools are invoked via shell commands and artifact names or content are used without proper escaping. The skill description does not provide any safeguards or limitations for these powerful operations.