generate2dmap
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command using a Python script to process image assets as part of the asset pipeline.\n
- Evidence: The file
references/layered-map-contract.mdincludes a recommended processing command:python /path/to/generate2dsprite.py process.\n- [PROMPT_INJECTION]: The skill architecture creates a surface for indirect prompt injection due to the ingestion and analysis of untrusted data from the user's game environment.\n - Ingestion points: The workflow in
SKILL.mdrequires the agent to inspect the target game's code, asset loading logic, and coordinate systems.\n - Boundary markers: There are no specific instructions to use delimiters or to ignore instructions embedded within the game project files.\n
- Capability inventory: The skill is authorized to perform file writes and modify source code, as specified in the deliverables section of
SKILL.md.\n - Sanitization: No validation or sanitization procedures for the ingested project files are described in the instructions.
Audit Metadata