Skills
skills/farworld-labs/remix-skills/remix-upload-game/Gen Agent Trust Hub

remix-upload-game

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and validates external HTML files provided by the user.
  • Ingestion points: The agent reads game.html and .remix-settings.json from the local file system.
  • Boundary markers: No explicit delimiters or instructions are used to separate the content of the HTML file from the agent's instructions.
  • Capability inventory: The skill can execute shell commands via the remix CLI and send data to an external API (api.remix.gg).
  • Sanitization: The skill performs structural validation (checking for specific tags and function calls) but lacks logic to filter for natural language instructions embedded in comments or strings.
  • [COMMAND_EXECUTION]: The skill uses a local CLI tool (remix) for terminal-based workflows such as creating games and updating version code.
  • [DATA_EXFILTRATION]: The skill reads the contents of local project files and transmits them to the Remix platform's API (api.remix.gg) using a bearer token stored in an environment variable.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 08:21 PM