game-build-log-triage

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of processing untrusted log data while possessing active capabilities.
  • Ingestion points: Untrusted data enters the agent context through the analysis of raw log text, Editor.log files, BuildCookRun logs, and CI transcripts provided by the user (documented in SKILL.md Step 1).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the processed log content, increasing the risk of the agent following instructions embedded in malicious logs.
  • Capability inventory: The skill is granted access to the Bash, Write, and Edit tools in addition to read-only tools (documented in the allowed-tools frontmatter of SKILL.md).
  • Sanitization: There is no requirement for validation or sanitization of external log content before it is processed for triage.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — game-build-log-triage