cogames-variant-debug
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted external data, specifically game mission definitions and logic files. Because the workflow involves executing these missions using 'uv run cogames play', a malicious mission file could contain instructions that hijack the agent's execution flow.
- Ingestion points: Mission definitions, reward/assembler logic, and git diff outputs.
- Boundary markers: None present in the instructions to distinguish between trusted system prompts and untrusted data.
- Capability inventory: Execution of subprocesses via 'uv run' and version control operations via 'git diff'.
- Sanitization: No evidence of sanitization or validation of the mission files before execution.
- [Command Execution] (MEDIUM): The workflow explicitly directs the agent to execute shell commands. While necessary for the stated purpose of debugging, this capability can be abused if the inputs to the commands are sourced from untrusted mission metadata or filenames.
Recommendations
- AI detected serious security threats
Audit Metadata