openword-player

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the source code for the 'OpenWord' game from the author's GitHub repository (github.com/dinghuanghao/openword.git) to provide the game environment.
  • [REMOTE_CODE_EXECUTION]: Installs and executes code from an external source using 'npm install' and 'npm run dev' after cloning the repository.
  • [COMMAND_EXECUTION]: Executes shell commands including 'git clone' and uses a custom bash script ('scripts/openword_rest.sh') that invokes 'curl' to communicate with a local server.
  • [PROMPT_INJECTION]: Exhibits a vulnerability surface for indirect prompt injection (Category 8).
      • Ingestion points: The skill retrieves 'world_view' and 'narrative' data from the game's REST API ('/api/get_current_game_state').
      • Boundary markers: No delimiters separate the game's narrative from the agent's own instructions, and nothing tells the agent to ignore instructions that might be embedded in that narrative.
      • Capability inventory: The skill can execute commands via 'curl' and access local files (images in the '.openword' directory).
      • Sanitization: No sanitization or validation is performed on the text received from the game server before it is used to influence the agent's behavior. Note: The provided bash script does use a basic JSON escaping function for its outgoing requests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 03:26 AM