Skills
skills/opusgamelabs/game-creator/monetize-game/Gen Agent Trust Hub

monetize-game

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple command-line utilities including node, npm, git, gh, and curl to perform project detection, authentication, building, and deployment verification. It also executes local scripts for the Play.fun and here.now ecosystems (playfun-auth.js, publish.sh).
  • [EXTERNAL_DOWNLOADS]: The skill modifies the game's index.html to include a script tag fetching the Play.fun SDK from https://sdk.play.fun/latest. This is a standard client-side integration for the platform's functionality.
  • [DATA_EXFILTRATION]: Game-related metadata (name, description, and the public deployment URL) is sent to the Play.fun registration API (api.play.fun). This is necessary for the skill's primary purpose of game registration.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The skill reads project configuration files such as package.json and vite.config.js, as well as source code like EventBus.js to determine game logic and metadata.
  • Boundary markers: None identified; the skill assumes standard project structures.
  • Capability inventory: The skill has the ability to write files (index.html, src/playfun.js) and execute build/deploy commands (npm run build, publish.sh).
  • Sanitization: No explicit sanitization or validation of the ingested file content is mentioned before it is processed or used in shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 08:03 PM