remix-upload-game
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a standard deployment workflow. It uses the `REMIX_API_KEY` environment variable for authentication, which is a secure practice for managing secrets in agent environments.
- [DATA_EXPOSURE]: The skill accesses local project files (HTML game files and `.remix-settings.json`) and the `REMIX_API_KEY` environment variable. This access is necessary for its primary function and is directed exclusively toward the official `api.remix.gg` domain.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data by reading and validating user-provided HTML files.
  - Ingestion points: Reads the content of a user-specified HTML file.
  - Boundary markers: No specific delimiters or boundary markers are defined for the file content processing.
  - Capability inventory: Includes reading/writing local files and performing HTTP POST requests to `api.remix.gg`.
  - Sanitization: The skill performs structural and functional validation of the HTML (checking for SDK tags and specific JS patterns), though it does not explicitly sanitize for embedded natural language instructions. Given the restricted scope of the network operations to the official API, the risk is minimal.
Audit Metadata