start

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill performs standard project onboarding tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a common vulnerability surface by ingesting external data (project documents and source code) into the agent context.
    ◦ Ingestion points: Reads files in design/gdd/, .claude/docs/, and src/ (SKILL.md, Phase 1).
    ◦ Boundary markers: Absent; the agent reads raw file content without explicit delimiters or instructions to ignore embedded commands.
    ◦ Capability inventory: Uses Write to manage production/review-mode.txt and AskUserQuestion for user interaction.
    ◦ Sanitization: None; the skill assumes processed files contain valid documentation or code.
    ◦ Assessment: This is a standard and expected pattern for a project discovery skill. The lack of network capabilities or high-privilege operations mitigates the risk of this attack surface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 15, 2026, 12:16 AM
Security Audit — agent-trust-hub — start