gamification
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manifest and metadata contain no evidence of malicious intent, obfuscation, or unauthorized data access. The use of environment variables for database credentials (SUPABASE_SERVICE_KEY) is consistent with the skill's stated architecture for persistent data storage.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it retrieves data from external API endpoints that could be influenced by external actors. Ingestion points: API responses from
{CLAWDBOT_API_URL}/api/gamification/endpoints as documented in SKILL.md. Boundary markers: None identified in the provided documentation. Capability inventory: No executable scripts, subprocess calls, or file-writing capabilities are present in the skill files. Sanitization: No explicit validation or escaping of API data is mentioned in the manifest.
Audit Metadata