reverse-engineering-tools
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation, project descriptions, and archived code snapshots from the author's GitHub repository (gmh5225/awesome-game-security). These interactions are designed to provide the agent with the necessary information to answer user queries about specific tools and are consistent with the skill's stated purpose.\n- [PROMPT_INJECTION]: The skill's functionality involves retrieving and processing external text data from GitHub, which creates a potential surface for indirect prompt injection.\n
- Ingestion points: Text data is fetched from raw.githubusercontent.com, specifically from README, archive, and description paths (SKILL.md).\n
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the fetched content as potentially untrusted data.\n
- Capability inventory: The agent is tasked with summarizing and explaining the fetched information; the skill does not contain instructions for command execution or system modification using this data.\n
- Sanitization: No validation, escaping, or sanitization of the external data is performed before it is processed by the agent.
Audit Metadata