design-game

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npm run build in the target directory to verify changes. While standard for development, this runs commands defined in the project's local configuration files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Reads package.json, src/core/Constants.js, scene files, entity files, and src/core/EventBus.js from the provided path.
      • Boundary markers: No explicit delimiters or instructions are used to distinguish between game code and agent instructions during the audit phase.
      • Capability inventory: The agent has the capability to read files, write/modify source code, and execute shell commands (npm run build).
      • Sanitization: No sanitization or validation of the ingested file content is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 09:23 AM