Skills
skills/jwynia/agent-skills/game-facilitator/Gen Agent Trust Hub

game-facilitator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): In scripts/session-notes.ts, the --output flag is used as a direct path for Deno.writeTextFile. The script does not validate or sanitize this path, allowing an attacker or a misled agent to overwrite any file the user has permissions for, such as shell profiles or SSH keys.
  • PROMPT_INJECTION (LOW): The scripts/session-notes.ts script exhibits an indirect prompt injection surface (Category 8). 1. Ingestion point: The title command-line argument. 2. Boundary markers: Absent; the title is placed directly into a Markdown header. 3. Capability inventory: The script has --allow-write permissions and performs file system writes. 4. Sanitization: Absent; the title is interpolated without escaping or validation. This allows malicious instructions embedded in a title to be written into a file that the agent may trust and read later.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 05:22 PM