make-game

Fail

Audited by Snyk on May 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The orchestrator is explicitly told to substitute the user's Play.fun public API key (and to instruct saving other API keys) into deployed HTML/commands—i.e., include credential values verbatim in generated files/outputs—creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public tweets as part of its required workflow (see "Form B: Tweet URL as game concept" in SKILL.md and the detailed tweet-pipeline.md, which instructs using the fetch-tweet/WebFetch flow to read tweet text). It then uses that untrusted, user-generated content to determine the game concept and drive downstream actions, so it clearly exposes the agent to third-party content that could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates a monetization platform (Play.fun/OpenGameProtocol) with concrete API calls and SDK usage: it instructs authenticating via playfun-auth.js, POSTing to https://api.play.fun/games to register a game, retrieving a Play.fun public API key, embedding the Play.fun SDK and meta tag, wiring SDK methods (addPoints, savePoints) into gameplay, and enabling "wallet connect" and token/playcoin rewards. These are specific, non-generic financial/monetization APIs (including crypto wallet integration) rather than a generic HTTP or browser tool. Because it is explicitly designed to register games, track/redeem points, and connect wallets, it meets the "Direct Financial Execution" criteria.

Issues (3)

  • HIGH W007: Insecure credential handling detected in skill instructions.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: May 7, 2026, 08:03 PM
Issues: 3