flame-game-dev
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- PROMPT_INJECTION (SAFE): The documentation focuses entirely on technical game development. No instructions were found that attempt to override system prompts, bypass safety filters, or reveal internal agent instructions.
- DATA_EXFILTRATION (SAFE): While the skill includes code for networking (WebSockets in
multiplayer.md) and file storage (saveload.md), these are standard implementations for game state synchronization and local saves. No hardcoded secrets or suspicious external network calls were detected. - REMOTE_CODE_EXECUTION (SAFE): There are no patterns involving the download and execution of remote scripts (e.g.,
curl | bash). Commands mentioned are standard Flutter development tools (flutter pub add,flutter build). - INDIRECT_PROMPT_INJECTION (LOW): The skill provides code templates that ingest external data (JSON for quests, items, and translations). While this represents a technical attack surface if the resulting game were to process malicious third-party content, the skill itself is an educational template and does not implement exploitable logic for the agent.
- OBFUSCATION (SAFE): All content is provided in clear-text Markdown and Dart. No encoded strings, homoglyphs, or hidden Unicode characters were identified.
- DYNAMIC_EXECUTION (SAFE): The skill uses standard JSON parsing (
jsonDecode). No unsafe execution patterns likeeval()or runtime code generation from untrusted sources are present.
Audit Metadata