introduce-puzzmo-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @puzzmo/sdk package via npm and references a development simulator script hosted on cdn.jsdelivr.net. Both the package and the CDN are recognized as official vendor resources or trusted services.
- [PROMPT_INJECTION]: The skill implements an interface for receiving puzzle data and game states from an external host. 1. Ingestion points: puzzleString and boardState are ingested via the sdk.gameReady() method in SKILL.md. 2. Boundary markers: Absent; data is processed directly after parsing. 3. Capability inventory: No dangerous capabilities, such as arbitrary command execution or network exfiltration of sensitive files, were identified in the skill. 4. Sanitization: The skill uses JSON.parse() to structure the incoming data from the host.
Audit Metadata