security-audit

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because its primary purpose is to ingest and analyze untrusted content from a codebase (source files, data assets, and configurations) to generate a report.
  • Ingestion points: The skill reads files from the project directory, specifically targeting src/, assets/data/, and configuration paths in Phase 2 and Phase 3.
  • Boundary markers: The instructions do not specify the use of delimiters or provide the sub-agent with explicit warnings to ignore instructions embedded within the files being audited.
  • Capability inventory: The process utilizes the Read, Glob, Grep, Bash, Write, and Task tools to perform its functions.
  • Sanitization: The skill does not include steps for sanitizing or validating the content of the files before they are processed by the LLM for analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 06:28 PM