Skills
skills/donchitos/claude-code-game-studios/setup-engine/Gen Agent Trust Hub

setup-engine

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch tools to retrieve engine versions, migration guides, and changelogs from the internet (Step 7). This involve fetching content from non-whitelisted external domains based on search results.
  • [PROMPT_INJECTION]: An indirect prompt injection surface was identified (Category 8). The skill ingests untrusted data from web documentation and incorporates it into 'Agent Instructions' (Step 9) and project documentation files (Step 7) without sanitization or boundary markers. This could allow malicious content from the web to influence agent behavior.
  • Ingestion points: External web content retrieved via WebFetch in SKILL.md (Step 7).
  • Boundary markers: Absent; fetched data is directly integrated into markdown files and agent instructions.
  • Capability inventory: The skill has Write and Edit capabilities to modify project configuration and agent instructions (Steps 4, 7, 9).
  • Sanitization: No evidence of sanitization, escaping, or validation of external content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:28 PM