remix-open-game
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands (
openon macOS andxdg-openon Linux) to launch a web browser with a constructed URL. - [COMMAND_EXECUTION]: The URL is built using
gameIdandversionIdextracted from.remix-settings.json. There is no sanitization or escaping of these variables before they are passed to the shell. An attacker who controls the project root can craft a malicious configuration file containing shell metacharacters (e.g.,;,&&, or|) to execute arbitrary code on the user's host system. - [PROMPT_INJECTION]: This skill has an indirect injection surface through the ingestion of untrusted local project data.
- Ingestion points: Project identifiers are read from
.remix-settings.json. - Boundary markers: No markers or safety instructions are used to distinguish the ingested data from shell command parameters.
- Capability inventory: The skill has access to shell execution via the system's default browser opening tools.
- Sanitization: No validation or escaping is performed on the data read from the configuration file.
Audit Metadata