auramaxx
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use several CLI commands to manage and validate game projects. This includes vendor-specific commands like
auramaxx explain,auramaxx check,auramaxx make, andauramaxx publish, as well as standard project scripts likenpm run devandnpm run state. These operations are well-documented and consistent with the skill's primary purpose as a development assistant. - [EXTERNAL_DOWNLOADS]: The skill references documentation from
https://www.aurajs.gg/llm.txt. This is the official documentation site for the AuraJS framework, which is owned by the skill's author (aura-industry). - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, which is inherent to development tools that process local project files.
- Ingestion points: The skill analyzes local files such as
package.json,README.md,aura.config.json, and various game assets as defined inproject-requirements.md. - Boundary markers: There are no explicit boundary markers or instructions to isolate the ingested project content from the agent's logic.
- Capability inventory: The skill can execute local development commands and publishing scripts via the
auramaxxCLI andnpm. - Sanitization: The skill does not describe any specific sanitization or validation steps for the content found within project files.
Audit Metadata