themable
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/install-themable-hooks.sh` establishes persistence by installing a git hook in the `.git/hooks/` directory. This hook automatically executes the theme validation script `scripts/check-themable.mjs` during repository operations.
- [COMMAND_EXECUTION]: The PowerShell utility `scripts/themable-palette.ps1` utilizes the `-ExecutionPolicy Bypass` flag to run the theme generation logic, a practice used to ensure the script functions across different local system configurations.
- [COMMAND_EXECUTION]: The script `scripts/themable-palette.mjs` dynamically generates project files such as `src/theme/palettes.css` and `src/theme/palette-utility.js` from internal templates.
- [PROMPT_INJECTION]: The utility `scripts/check-themable.mjs` scans repository source files to detect hardcoded color strings, creating an indirect prompt injection surface through the processing of untrusted local data.
  - Ingestion points: `scripts/check-themable.mjs` reads source files (CSS, JS, TS, Vue, HTML) within the local directory.
  - Boundary markers: None identified.
  - Capability inventory: The skill can write configuration files and modify git hooks.
  - Sanitization: The scanner uses regular expressions for pattern detection and does not execute the contents of the analyzed files.
Audit Metadata