gsp-rolling-supervisor
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a set of architectural rules and a worker graph for an autonomous build-verify-repair loop, which is a standard orchestration pattern.
- [PROMPT_INJECTION]: The skill implements a rolling state mechanism where the agent reads from and writes to state files (
docs/game-studio/rolling/state.json). This creates a surface for indirect prompt injection as data from previous sessions or the project repository is re-ingested into the agent context. - Ingestion points:
docs/game-studio/rolling/state.jsonand project files during the build/verify/repair cycles. - Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in the project files are provided.
- Capability inventory: The skill possesses file-writing capabilities and instructions to execute repository-level build and repair commands.
- Sanitization: There is no evidence of sanitization or validation of the ingested state or project data before it is processed by the agent.
Audit Metadata