pom-theme
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use unzip -p via Bash to extract XML content from PPTX files provided by the user. This involves executing system utilities on file paths and contents supplied by external sources.
- [COMMAND_EXECUTION]: A dynamic python3 one-liner is used to perform WCAG contrast calculations. The script incorporates color values extracted from external sources (websites or files), which could be exploited if the extraction process is compromised by malicious input attempting code injection into the Python string literals.
- [EXTERNAL_DOWNLOADS]: The skill utilizes WebFetch and curl to retrieve HTML and CSS from arbitrary user-provided URLs to identify brand colors, connecting the agent to untrusted external environments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites and PPTX files. Maliciously crafted content in these sources (such as HTML comments, CSS properties, or XML metadata) could attempt to influence the agent's logic during the color extraction or theme generation phases.
- Ingestion points: Website content (WebFetch), PPTX XML files (unzip), and image analysis (Read).
- Boundary markers: None explicitly defined in the instructions for the data extraction phase.
- Capability inventory: Bash shell access (unzip, python3, pom build), local file writes (Write), and network access (WebFetch).
- Sanitization: No explicit sanitization or validation steps are mentioned for the data extracted from external sources before being used in shell commands or theme logic.
Audit Metadata