team-combat
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill takes user input via the
[combat feature description]argument and passes it into the prompts of multiple subagents (game-designer, gameplay-programmer, etc.). This creates a vulnerability where a malicious user could craft a description containing instructions to override the subagents' intended behavior. - Ingestion points:
SKILL.md(argument-hint) - Boundary markers: Absent (The skill does not use delimiters or instructions to ignore embedded commands in the user input)
- Capability inventory:
Bash,Task,Write,Edit,TodoWrite - Sanitization: Absent (No validation or filtering of the input is performed before interpolation)
Audit Metadata