scene-runtime

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data and possessing high-privilege capabilities.
    • Ingestion points: External data enters the system context via fetch, WebSocket, and readFile operations described in SKILL.md.
    • Boundary markers: The documentation does not specify or demonstrate the use of delimiters or instructions to distinguish untrusted external content from system prompts.
    • Capability inventory: The runtime provides functions for network communication (fetch, signedFetch), player manipulation (movePlayerTo, teleportTo), and browser interaction (openExternalUrl).
    • Sanitization: The provided snippets show data being processed via JSON.parse and TextDecoder without explicit validation or sanitization steps before the data is used.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 07:14 PM