threejs-game-director
Warn
Audited by Gen Agent Trust Hub on Jul 9, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains a script (
scripts/probe_asset_credentials.sh) specifically designed to probe for the existence ofTRIPO_API_KEY,GEMINI_API_KEY, andELEVENLABS_API_KEYwithin the user's environment variables. - [DATA_EXFILTRATION]: The credential probing script accesses and sources sensitive user shell profile files including
~/.zshrc,~/.bashrc,~/.zprofile, and~/.bash_profileto retrieve environment configuration. - [COMMAND_EXECUTION]: The instruction set mandates the execution of multiple local scripts using shell, Python, and Node.js for tasks such as credential checking, project scaffolding, and final report auditing (e.g.,
bash scripts/probe_asset_credentials.sh,python3 scripts/audit_reference_report.py). - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by loading and following instructions from external
SKILL.mdfiles located in various filesystem paths including the user's home directory. - Ingestion points: Loading of sibling skill files from paths such as
~/.claude/skills/or~/.agents/skills/. - Boundary markers: Absent when reading and incorporating instructions from external skill files.
- Capability inventory: The agent has permission to execute local scripts and access the filesystem.
- Sanitization: No validation or filtering is applied to the content of the loaded external skill files.
Audit Metadata