Skills
skills/donchitos/claude-code-game-studios/setup-engine/Gen Agent Trust Hub

setup-engine

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves and processes untrusted content from the web to update project documentation and instructions.
  • Ingestion points: Step 7 utilizes the WebFetch tool to retrieve migration guides, changelogs, and API details from external URLs.
  • Boundary markers: The skill does not specify the use of delimiters or instructions to ignore embedded commands within the fetched external content.
  • Capability inventory: The skill has the ability to modify critical project files like CLAUDE.md and technical-preferences.md, and it can update specialist agent instructions (Step 9) using the Write and Edit tools.
  • Sanitization: No explicit sanitization or filtering of external content is performed before it is written to the project's documentation or configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 09:56 AM