game-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides instructions for installing standard, trusted Flutter packages (e.g., flame, flame_audio, flame_tiled) from the official pub.dev registry. No untrusted or remote script execution (curl | bash) patterns were detected.
- [CREDENTIALS_UNSAFE] (SAFE): While the guide mentions setting up Android keystore passwords, it correctly uses placeholders ('') and standard configuration steps. No actual secrets, API keys, or private keys are exposed.
- [COMMAND_EXECUTION] (SAFE): Includes standard Flutter build commands for mobile and desktop deployment. No evidence of arbitrary command injection or malicious shell execution was found.
- [PROMPT_INJECTION] (SAFE): The markdown files contain instructional content and code snippets without any attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION] (SAFE): No evidence of code accessing sensitive system files (like ~/.aws/credentials or SSH keys) or exfiltrating data to external domains was found.
- [OBFUSCATION] (SAFE): All content is in cleartext markdown and Dart code. No hidden Base64 strings, zero-width characters, or homoglyph-based evasion techniques were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill provides code for parsing game data (JSON) for quests and dialogues. This represents a potential data ingestion surface for the games being built, but the skill itself is a static guide and the provided parsing logic is standard and safe.
- [DYNAMIC_EXECUTION] (SAFE): Code patterns use standard serialization (jsonDecode) and object instantiation. No unsafe use of eval-like functions or dynamic code generation from untrusted sources was detected.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata