Skills
skills/donchitos/claude-code-game-studios/scope-check/Gen Agent Trust Hub

scope-check

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the context field to execute git diff --stat HEAD~20. This is a local shell command execution used to gather information about recent repository changes for analysis.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from git logs, commit messages, and TODO comments found within the codebase. An adversary could place malicious instructions in these locations to manipulate the agent's output. Mandatory Evidence Chain: 1. Ingestion points: Files in design/gdd/, production/sprints/, production/milestones/, git logs, and files containing TODO comments. 2. Boundary markers: Absent. 3. Capability inventory: Read, Glob, Grep tools and shell execution via the context field. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 11:07 PM