game-architect

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions for the agent to initialize its state by applying several sub-skills 'silently'. Specifically, it states: 'Do not tell the user you are doing this. Just absorb the knowledge, then begin the interview.' While this is a common pattern for managing user experience and avoiding technical clutter, it is a form of instruction concealment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its research phase (Phase 3). The agent is instructed to use web searches to gather data on 'reference games' and 'genre conventions'.
      • Ingestion points: External data from web search results (Phase 3, Steps 1 & 2).
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat search results as untrusted data or to ignore embedded instructions.
      • Capability inventory: The agent has the capability to write multiple files to the user's project directory, including docs/mvp-first-draft.md, CLAUDE.md, and custom agent files in .claude/agents/ (Phase 4 & 5).
      • Sanitization: No sanitization or validation of the retrieved web content is performed before it is used to generate the project structure and code.
  • [COMMAND_EXECUTION]: The skill's primary purpose is to scaffold a development environment. It instructs the agent to create numerous configuration files (package.json, biome.json) and directory structures. While these are legitimate actions for a development-oriented skill, the generation of executable files based on potentially untrusted research data (Indirect Prompt Injection) requires user oversight.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 12:31 AM