msw-behaviourtree-creator

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the node -e command to execute JavaScript snippets for generating UUIDs and validating JSON file integrity. It also relies on executing a script (scripts/build-spec.cjs) from a separate local skill directory.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests and acts upon data from the local project environment.
      • Ingestion points: The agent reads project-specific metadata from .behaviourDocs/bt-spec.md, parses logic from .mlua script files, and analyzes existing .behaviourtree files to mirror conventions.
      • Boundary markers: The instructions lack explicit boundary markers and do not direct the agent to disregard natural language instructions that might be embedded within the project files.
      • Capability inventory: The skill allows the agent to read and write files and execute Node.js commands via the shell.
      • Sanitization: No sanitization or validation logic is specified for the data retrieved from the project files before it is used to construct the logic of new behaviour trees.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 02:27 AM
Security Audit — agent-trust-hub — msw-behaviourtree-creator