review-all-gdds

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data by reading all Markdown files within the design/gdd/ directory. This creates a potential surface where adversarial instructions embedded in a design document could influence the agent's analysis. No explicit boundary markers or sanitization logic are defined for this ingested content.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for legitimate project maintenance tasks, specifically running git log --name-only to identify modified documents for the since-last-review mode. It does not construct shell commands from untrusted input.
  • [DATA_EXPOSURE]: The skill accesses project-specific files such as entities.yaml, game-concept.md, and systems-index.md. These operations are limited to the local project scope and no network exfiltration paths were identified.
  • [SAFE]: The skill demonstrates safe operational patterns, including the use of AskUserQuestion to obtain permission before performing Write operations to the file system.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 12:16 AM