make-game

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to read/extract user API keys and then embed them verbatim into commands and files (e.g., echo "<API_KEY>" into credentials, substitute the Play.fun API key into an index.html meta tag), which requires the LLM to handle and output secret values directly.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill orchestrates many build/deploy steps and external integrations and includes an explicit, high-risk instruction to read a local agent credentials file and embed the user's Play.fun API key directly into the public index.html (exposing a secret to anyone visiting the site); while there is no obvious obfuscated backdoor or RCE, this behavior amounts to deliberate credential exposure and unauthorized leakage risk, plus reliance on installing external npx skills (supply-chain surface).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and processes public, user-generated content — e.g., tweet-pipeline.md's "Form B: Tweet URL as game concept" (fetch the tweet via the fetch-tweet/WebFetch flow) and Step 1.5's web searches for character photos/Sketchfab/World Labs/Meshy generation — and the fetched content is parsed and used to drive creative abstraction, celebrity detection, asset generation, and subsequent tool-driven actions, so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's verification protocol instructs adding a Playwright MCP tool at runtime via "claude mcp add playwright npx @playwright/mcp@latest" (i.e., fetching and running the @playwright/mcp package from npm https://www.npmjs.com/package/@playwright/mcp), which downloads and executes remote code in the agent environment and is required for the QA flow—so it meets the criteria for a runtime external dependency that executes remote code.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.

  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: CRITICAL

Analyzed: Mar 13, 2026, 08:45 AM

Issues: 4