graphics-api-hooking

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves documentation, repository descriptions, and code snapshots from the author's own GitHub repository (gmh5225/awesome-game-security). These resources are used to provide the agent with technical context and implementation details.
  • [PROMPT_INJECTION]: The skill ingests data from archived code snapshots, which introduces a surface for indirect prompt injection.
  • Ingestion points: Content is fetched from the gmh5225/awesome-game-security repository in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands in the fetched content.
  • Capability inventory: The skill does not explicitly limit its execution environment in the frontmatter, potentially allowing access to default agent capabilities.
  • Sanitization: No validation or filtering of the fetched remote content is specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 11:52 PM
Security Audit — agent-trust-hub — graphics-api-hooking