playdrop
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily utilizes shell commands via the Playdrop CLI (
playdrop) to perform tasks such as authentication, project initialization, asset searching, and project publishing. - Evidence includes commands like
playdrop project init .,playdrop auth login, andplaydrop project publish .spread across all reference files andSKILL.md. - [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official Playdrop CLI tool from the NPM registry.
- Evidence:
npm install -g @playdrop/playdrop-cliinSKILL.md. - Note: This is a vendor-owned resource consistent with the skill's primary purpose.
- [DATA_EXFILTRATION]: The skill includes functionality to capture gameplay proofs and publish local project directories to the Playdrop platform.
- Evidence:
playdrop project captureandplaydrop project publish .inreferences/publish-and-listing.md. - Note: This behavior is documented as the core feature of the platform integration.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the Playdrop catalog and published demos which could theoretically contain malicious instructions targeting the AI agent.
- Ingestion points:
playdrop detail <ref> --json,playdrop browse, andplaydrop searchcommands inreferences/discovery.mdandreferences/assets-and-generation.md. - Boundary markers: No specific boundary markers or 'ignore' instructions are defined for processing the JSON output of these commands.
- Capability inventory: The agent has the capability to execute shell commands and write to the local file system (via
playdrop project create). - Sanitization: No explicit sanitization or validation of the remote catalog data is mentioned before use in project creation or remixing.
Audit Metadata