game-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions establish a professional game developer persona and direct the agent to use specific reference files for grounding. It contains no instructions to bypass safety filters or ignore system-level constraints.
- Data Exposure & Exfiltration (SAFE): There are no network calls, hardcoded credentials, or accesses to sensitive system paths. The skill operates entirely within the provided context.
- Remote Code Execution (SAFE): The skill does not define any external dependencies (Python or Node.js) and contains no commands to download or execute remote scripts.
- Static Analysis Surface (SAFE): The validation rules in
references/validations.mduse regular expressions to identify performance and architectural issues in user-provided code (e.g., frame-dependent movement, object pooling). These are standard linting patterns and do not involve executing the code being reviewed. - Persistence and Privilege (SAFE): No mechanisms for persistence (like cron jobs or shell profile modifications) or privilege escalation (like sudo) are present.
Audit Metadata