Skills
skills/donchitos/claude-code-game-studios/create-epics/Gen Agent Trust Hub

create-epics

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from design and architecture documents, which creates a vulnerability surface for indirect prompt injection.
  • Ingestion points: The skill reads from multiple local files including design/gdd/*.md, docs/architecture/architecture.md, docs/architecture/tr-registry.yaml, and docs/engine-reference/[engine]/VERSION.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate the content of these files from the agent's core instructions.
  • Capability inventory: The skill has the capability to write files to the project directory (production/epics/) and trigger other agent tasks using the Task tool.
  • Sanitization: Content extracted from these documents is interpolated into prompts and files without validation or sanitization, though the risk is mitigated by mandatory human-in-the-loop approval steps before writing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 11:50 AM