graph-world
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows its documented purpose of providing a design tool for application and game worlds. No malicious patterns such as prompt injection, data exfiltration, or obfuscation were detected.
- [COMMAND_EXECUTION]: The instructions include standard shell commands for project bootstrapping (
npm init,npm install,npm run build). these are used legitimately for environment setup and project verification. - [EXTERNAL_DOWNLOADS]: The skill specifies installation of common development dependencies (
typescript,@types/node) and domain-specific packages (graphos-world-plugin,graphos-cli) from standard registries. These references are appropriate for the tool's functionality. - [DYNAMIC_EXECUTION]: The provided reference graph (
World.graph.json) contains small snippets of display logic invalueScriptCodefields. These are used for formatting UI values (e.g., currency formatting) and do not contain dangerous executable commands.
Audit Metadata