love2d-gamedev
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): In `references/project-structure.md`, the provided `loadGame` template uses `love.filesystem.load('save.lua')` and immediately executes the result. This is an unsafe deserialization pattern that permits arbitrary Lua code execution if the save file is compromised. This also represents a significant indirect injection surface (Category 8) due to the combination of external file ingestion and execution capability.
- [COMMAND_EXECUTION] (MEDIUM): The skill includes shell scripts for iOS automation in `references/ios/setup.md` and `references/ios/xcode-project.md` that use `find` and `sed -i` to modify Xcode project files. These patterns can be exploited for unauthorized file modifications if malicious paths are introduced.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The `references/libraries.md` file references 14 third-party libraries on GitHub (e.g., kikito, rxi, vrld) that are not within the trusted scope, introducing supply chain risks for users who download them as instructed.
Recommendations
- AI detected serious security threats
Audit Metadata