The Agent Skills Directory

[Prompt Injection] (SAFE): The skill contains purely instructional content for game development. No attempts to override system prompts or bypass safety filters were found.
[Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths (like SSH keys or AWS configs) are present. Placeholders like <password> are used in documentation for app signing, which is standard practice. Network code for multiplayer and cloud saves uses standard WebSockets and Firebase APIs with no unauthorized data transmission.
[Obfuscation] (SAFE): All markdown and code snippets are clear and human-readable. No Base64, zero-width characters, or homoglyphs were detected.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references well-known and trusted Flutter packages such as flame, flame_audio, flame_tiled, and steamworks. No piped bash execution or remote script downloading was found.
[Privilege Escalation] (SAFE): No usage of sudo, chmod 777, or other privilege-escalation commands was found. Build commands like flutter build are standard for the development domain.
[Persistence Mechanisms] (SAFE): The skill does not contain any commands that modify system startup, shell profiles, or scheduled tasks.
[Dynamic Execution] (SAFE): Code examples use jsonDecode for handling game data, which is a safe way to parse structured data in Dart. No unsafe deserialization (e.g., pickle) or eval() patterns were present.

flame-game-dev