Skills
skills/donchitos/claude-code-game-studios/prototype/Gen Agent Trust Hub

prototype

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill takes untrusted user input via the [concept-description] argument and uses it to define the prototype plan and implementation. The lack of boundary markers or instructions to ignore embedded commands creates a risk of indirect prompt injection. 1. Ingestion points: [concept-description] argument in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit, Read, Glob, Grep. 4. Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to 'Run the prototype' in step 6. This capability allows for the execution of arbitrary scripts on the system, which is a high-privilege operation.
  • [REMOTE_CODE_EXECUTION]: The skill implements a script generation and execution workflow where logic derived from an external concept description is written to disk and then executed via the Bash tool. While this is the primary purpose of the skill, it represents a classic remote code execution attack surface if the input is not strictly controlled.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 11:07 PM