Skills
skills/opusgamelabs/game-creator/improve-game/Gen Agent Trust Hub

improve-game

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data by reading the entire game codebase (e.g., src/, package.json, index.html) to perform its audit.
  • Ingestion points: SKILL.md defines a broad reading phase in 'Step 1: Deep audit' covering nearly all files in the project directory.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the audited files.
  • Capability inventory: The skill has the ability to create and modify files, and execute shell commands via npm.
  • Sanitization: There is no evidence of sanitization or validation of the content read from the codebase before it is used to generate improvement plans.
  • [COMMAND_EXECUTION]: Local Shell Command Execution. The skill triggers npm run build, npm test, and npm run dev. These commands execute scripts defined in the project's package.json, which could be used to execute arbitrary code if the project file being audited is malicious.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 08:03 PM