threejs-game-director

Warn

Audited by Gen Agent Trust Hub on Jul 9, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill contains a script (scripts/probe_asset_credentials.sh) specifically designed to probe for the existence of TRIPO_API_KEY, GEMINI_API_KEY, and ELEVENLABS_API_KEY within the user's environment variables.
  • [DATA_EXFILTRATION]: The credential probing script accesses and sources sensitive user shell profile files including ~/.zshrc, ~/.bashrc, ~/.zprofile, and ~/.bash_profile to retrieve environment configuration.
  • [COMMAND_EXECUTION]: The instruction set mandates the execution of multiple local scripts using shell, Python, and Node.js for tasks such as credential checking, project scaffolding, and final report auditing (e.g., bash scripts/probe_asset_credentials.sh, python3 scripts/audit_reference_report.py).
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by loading and following instructions from external SKILL.md files located in various filesystem paths including the user's home directory.
  • Ingestion points: Loading of sibling skill files from paths such as ~/.claude/skills/ or ~/.agents/skills/.
  • Boundary markers: Absent when reading and incorporating instructions from external skill files.
  • Capability inventory: The agent has permission to execute local scripts and access the filesystem.
  • Sanitization: No validation or filtering is applied to the content of the loaded external skill files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 9, 2026, 10:37 PM
Security Audit — agent-trust-hub — threejs-game-director