game-project-state-assessment
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository (e.g., release notes, changelogs, and documentation) to classify the project state.\n
- Ingestion points: Local repository files including source tree, deployment configurations, CI/CD pipelines, release notes, and documentation.\n
- Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the analyzed files.\n
- Capability inventory: The agent uses file read capabilities to inspect the repository and file write capabilities to generate the assessment report in
docs/game-studio/project-state.md.\n - Sanitization: Absent.\n- [DATA_EXFILTRATION]: The skill instructs the agent to inspect sensitive file types, including 'production environment files', 'deployment configs', and 'operational runbooks'. While this is performed for the primary goal of assessing project maturity, this behavior creates a risk of exposing credentials or sensitive infrastructure details if the agent includes that content in its summaries or reports.
Audit Metadata