serverccn2-project-editor
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local build and shell commands including `./gradlew` tasks for compiling, testing, and running the server, as well as shell utilities for file system auditing and validation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from the Game Design Document and resource JSON files to drive code generation and configuration tasks.
- Ingestion points: Reads `document/GameDesignDocument.md`, `serverccn2/res/*.json`, and `server.properties` files.
- Boundary markers: The skill does not implement explicit instruction isolation delimiters when parsing design documents, relying on standard file parsing.
- Capability inventory: Access to file write operations, shell command execution (Gradle), and environment configuration management.
- Sanitization: Features a `validate_result` protocol that runs automated builds and tests to verify the correctness and safety of changes before they are finalized.
Audit Metadata