graphics-api-hooking
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for the agent to fetch remote configuration and documentation from
raw.githubusercontent.com. Specifically, it guides the agent to retrieve README files, repository descriptions, and code archives hosted under thegmh5225/awesome-game-securityrepository. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its reliance on external data ingestion. * Ingestion points: Untrusted data enters the agent context through remote fetches defined in the Data Source section of
SKILL.md. * Boundary markers: The skill lacks any delimiters or instructions that warn the agent to ignore embedded instructions within the fetched files. * Capability inventory: The agent is tasked with fetching and analyzing full code snapshots and repository descriptions. * Sanitization: No sanitization or validation of the content retrieved from the remote GitHub archive is required or implemented, allowing for the possibility of instructions within that content influencing the agent's behavior.
Audit Metadata