add-feature

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses npm run build in Step 4 to verify the implementation of new features. This executes shell commands defined in the user's project environment.
  • [PROMPT_INJECTION]: The skill uses the $ARGUMENTS placeholder to ingest user feature descriptions, creating a surface for indirect prompt injection.
  • Ingestion points: User-provided text for feature-description passed via $ARGUMENTS in SKILL.md.
  • Boundary markers: The instructions lack specific delimiters or safety prompts to prevent the agent from following instructions embedded within the user's description.
  • Capability inventory: The skill allows the agent to read and modify multiple files across the src/ directory and execute npm commands.
  • Sanitization: There is no explicit sanitization or validation of the input provided by the user before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 11:20 PM
Security Audit — agent-trust-hub — add-feature