gamedev-expert
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `SKILL.md` file defines a 'Memory Protocol' requiring the agent to execute a bash command (cat .claude/context/memory/learnings.md) at the start of every session. While the command is used for state retrieval, it encourages the use of shell execution for metadata management.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its memory loading mechanism. By reading untrusted data from a hidden project file directly into the agent's context without sanitization or boundary markers, a malicious instruction placed in that file during a previous session could be executed.
  - Ingestion points: The file `.claude/context/memory/learnings.md` is read via the `Bash` tool and its content is injected into the prompt.
  - Boundary markers: None. The skill does not provide delimiters or instructions to ignore embedded commands within the loaded memory file.
  - Capability inventory: The skill possesses the `Bash`, `Write`, `Edit`, and `Read` tools, which could be leveraged if the agent follows injected instructions.
  - Sanitization: No validation or escaping is applied to the data ingested from the memory protocol.
- [PROMPT_INJECTION]: The skill manifest in `SKILL.md` includes a `verified: true` claim. In a security context, this is considered metadata poisoning as it is a deceptive self-claim meant to influence the user's or analyzer's perception of the skill's safety without external verification.
Audit Metadata