msw-behaviourtree-creator
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
node -ecommand to execute JavaScript snippets for generating UUIDs and validating JSON file integrity. It also relies on executing a script (scripts/build-spec.cjs) from a separate local skill directory. - [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface as it ingests and acts upon data from the local project environment.
- Ingestion points: The agent reads project-specific metadata from
.behaviourDocs/bt-spec.md, parses logic from.mluascript files, and analyzes existing.behaviourtreefiles to mirror conventions. - Boundary markers: The instructions lack explicit boundary markers or directions to the agent to disregard natural language instructions that might be embedded within the project files.
- Capability inventory: The skill allows the agent to read and write files and execute Node.js commands via the shell.
- Sanitization: No sanitization or validation logic is specified for the data retrieved from the project files before it is used to construct the logic of new behaviour trees.
Audit Metadata