validate-game-idea

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the @executor tool to run a local script node .agents/scripts/orchestrator_state.js. Several commands, such as the init command, incorporate user-supplied variables like <project> directly into the command line arguments. If an attacker provides a project name containing shell metacharacters (e.g., ;, &, |, or backticks), it could lead to arbitrary command execution on the host environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted user data in the form of game concepts and project names to generate a validation brief.
  • Ingestion points: Phase 1 and Phase 2 collect raw user input regarding game mechanics, experiences, and project names.
  • Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags, triple backticks) or "ignore instructions" warnings when processing this user data.
  • Capability inventory: The skill possesses the capability to execute shell commands via @executor and write files to the artifacts/output/ directory.
  • Sanitization: There is no evidence of input validation, escaping, or filtering for user-provided strings before they are used in shell commands or interpolated into the final validation-brief.md artifact.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 02:25 AM