wargame
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local file management using
mkdir -pandcpcommands to maintain wargame journals and prepare HTML dashboard templates. It also invokes external visualization tools such asmmdc(Mermaid) anddot(Graphviz) to render strategic diagrams based on the analyzed scenarios. - [EXTERNAL_DOWNLOADS]: It leverages
WebSearchandWebFetchto gather relevant contextual information and intelligence from external sources to enrich the strategic analysis process. - [PROMPT_INJECTION]: The skill processes untrusted external data from user scenarios and web search results, which presents a surface for indirect prompt injection.
- Ingestion points: Processes user-provided scenario text in
SKILL.mdand retrieves external intelligence throughWebSearchinsession-commands.md. - Boundary markers: Implements a structured 'Scenario Understanding' and 'Alignment Confirmation' phase where the agent synthesizes inputs and requires explicit user approval before proceeding with the analysis.
- Capability inventory: Includes file system write access for session persistence in
~/.claude/wargames/, shell command execution for file management and diagram rendering, and the use of Playwright for capturing dashboard screenshots. - Sanitization: Uses structured JSON data interpolation for the HTML dashboard and employs an interactive confirmation loop to validate the scenario context before the wargame or analysis begins.
Audit Metadata