qa-game

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads standard, well-known testing libraries (@playwright/test, @axe-core/playwright) and browser binaries (Chromium) from the official NPM registry and Playwright infrastructure. These resources are well-known services and do not escalate the verdict.
  • [COMMAND_EXECUTION]: Uses npm and npx to install dependencies and run the Playwright test engine. These commands are localized to the project environment and align with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it ingests untrusted project data (e.g., package.json, design-brief.md, and scene files) to guide test generation.
    • Ingestion points: reads package.json, vite.config.js, design-brief.md, and all files in src/ (SKILL.md).
    • Boundary markers: None present to distinguish project data from agent instructions.
    • Capability inventory: Performs npm install, file system writes to tests/, and npx playwright test (SKILL.md).
    • Sanitization: No explicit sanitization of ingested file content before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 08:03 PM