multiplayer-sync
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides patterns for using standard SDK7 features for multiplayer synchronization, including syncEntity, MessageBus, and signedFetch. All network operations use standard platform APIs (fetch, WebSocket) and are documented for intended game functionality such as leaderboards and real-time state synchronization using vendor-owned resources from @dcl/sdk.\n- [PROMPT_INJECTION]: The skill defines an ingestion surface for external data from WebSockets and the MessageBus, which constitutes an indirect prompt injection surface if processed data influences agent decision-making.\n
- Ingestion points: Data enters the agent context via ws.onmessage handlers, bus.on listeners, and fetch/signedFetch responses in SKILL.md and references/networking-patterns.md.\n
- Boundary markers: No specific delimiters or boundary markers are included in the implementation patterns to distinguish between instructions and data.\n
- Capability inventory: The skill has the capability to modify scene state through engine.addEntity and component mutations, and to broadcast data to other players via bus.emit or ws.send.\n
- Sanitization: Provided code examples demonstrate standard schema-based JSON parsing and data type validation but do not include explicit content sanitization for free-text fields.
Audit Metadata