game-build
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest and act upon data from external markdown files (`docs/mvp-first-draft.md`, `docs/world-lore.md`, etc.), which could contain malicious instructions intended to influence the agent's code generation logic.
  - Ingestion points: `docs/mvp-first-draft.md`, `docs/build-registry.md`, `docs/world-lore.md`, and `docs/quest-registry.md` are read during Phase 0 and Phase 4 to determine build logic and narrative coherence.
  - Boundary markers: The skill instructions do not explicitly define boundary markers or instruct the agent to ignore Natural Language instructions found within the project documentation files.
  - Capability inventory: The skill has the capability to write and modify files within the `src/` and `docs/` directories and suggests shell commands (`bun vitest`, `bun run dev`) for the user to execute.
  - Sanitization: No explicit sanitization or validation of the content of the markdown files is performed before the data is used to generate executable code.
- [COMMAND_EXECUTION]: Shell Command Suggestions. The skill instructs the agent to provide the user with shell commands for running and testing the generated components.
  - Evidence: Phase 6 specifies the output of commands such as `bun run dev` and `bun vitest run src/[component-name]/`. While these are suggested to the user rather than executed autonomously, they represent a path for potentially malicious code execution if the generated components were manipulated via injection.
Audit Metadata