game-assets

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a manifest and an updated Python runner script from the developer's infrastructure to ensure it is using the latest version.
    • Evidence: meowart_api.bootstrap.json references https://raw.githubusercontent.com/Meowa-AI/meowa-skills/main/skills/game-assets/meowart_api.py for updates.
  • [REMOTE_CODE_EXECUTION]: The skill implements a bootstrap mechanism that downloads and executes an updated version of its primary script.
    • Evidence: Static analysis identifies the use of os.execve in meowart_api.py, which is used to replace the current process with the updated runner cached locally.
  • [PROMPT_INJECTION]: The skill fetches dynamic guides from a remote API which are then used to instruct the agent on command selection and API usage.
    • Ingestion points: The skill-doc command in meowart_api.py fetches Markdown content from the Meowa-AI backend.
    • Boundary markers: No delimiters or protective instructions are specified to prevent the agent from following malicious instructions potentially embedded in the fetched guides.
    • Capability inventory: The skill can execute Python scripts, download files, and perform complex image and audio generation via API calls.
    • Sanitization: No sanitization or validation of the remote documentation content was found in the provided documentation.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local Python scripts to interact with the Meowa-AI services.
    • Evidence: SKILL.md contains multiple command examples for python3 meowart_api.py.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 12:15 PM