goose-adventure-game
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its reliance on external data files for game logic and state.
  1. Ingestion points: The engine reads data from scripts/game_script.json and dynamically loads save files from the saves/ directory.
  2. Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded commands within the game data.
  3. Capability inventory: The skill includes file-writing capabilities in scripts/game_engine.py and file-copying/importing logic in scripts/save_manager.py.
  4. Sanitization: While the skill uses json.load to parse data, it does not sanitize or validate the resulting strings to prevent them from being interpreted as instructions by the agent.
Audit Metadata