skills/openai/skills/develop-web-game/Gen Agent Trust Hub

develop-web-game

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The SKILL.md file suggests the installation of '@playwright/mcp' via 'npm install -g' if it is not already available in the environment. While Playwright is a trusted tool, this involves downloading and executing third-party code at runtime.
  • [REMOTE_CODE_EXECUTION] (LOW): The 'web_game_playwright_client.js' script uses Playwright to launch a browser and execute arbitrary JavaScript on pages via 'page.evaluate' and 'page.addInitScript'. This dynamic execution is local to the browser but is a core capability that could be abused if directed at malicious URLs.
  • [PROMPT_INJECTION] (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) because it directs the agent to visit external or generated URLs and treat screenshots and JSON state as the source of truth.
      • Ingestion points: The browser automation script visits URLs and retrieves visual/textual data.
      • Boundary markers: None. There are no delimiters or instructions to ignore embedded commands in the game UI or state JSON.
      • Capability inventory: The agent has the ability to write code to the workspace, execute shell scripts, and manage state via 'progress.md'.
      • Sanitization: None. The agent is encouraged to visually inspect screenshots and adjust its implementation based on the observed state, which could be manipulated by a malicious game page.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:51 PM