improve-game
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it performs a deep audit of untrusted game files.
  - Ingestion points: Step 1 involves reading the entire game codebase, including `package.json`, `.js` files, `index.html`, and `tests/` (found in `SKILL.md`).
  - Boundary markers: There are no explicit instructions to the agent to ignore embedded instructions or use delimiters when reading these files.
  - Capability inventory: The skill can modify the filesystem (Step 4) and execute shell commands through `npm` (Steps 4 and 5).
  - Sanitization: No sanitization or validation of the content of the read files is performed before processing them as instructions or data.
- [COMMAND_EXECUTION]: The skill executes local shell commands to build and test the game.
  - Evidence: The instructions in `Step 4` and `Step 5` specify running `npm run build`, `npm test`, and `npm run test:update-snapshots`. These commands execute scripts defined in the project's `package.json`, which could be used to run arbitrary code if the project files are malicious.
- [DATA_EXFILTRATION]: The skill accesses a wide range of local project files which may contain sensitive configuration or structure.
  - Evidence: `Step 1` explicitly instructs the agent to read `package.json`, configuration values in `Constants.js`, and the entire directory structure for scenes, entities, and UI.
Audit Metadata