game-designer
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, hardcoded credentials, or exfiltration vectors were identified. The skill's logic is consistent with its stated purpose of UI/UX design enhancement.
- [COMMAND_EXECUTION]: The skill utilizes Playwright MCP tools to navigate to local URLs and capture screenshots for visual inspection. This behavior is a functional requirement for auditing the game's appearance.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface through its automated analysis of game project data.
- Ingestion points: Ingests untrusted data by reading project files like
package.jsonand scene source code, and by processing browser content during navigation. - Boundary markers: Absent; there are no instructions provided to distinguish between developer commands and instructions embedded in the analyzed game data.
- Capability inventory: The agent has the ability to modify project source files and control a browser via Playwright.
- Sanitization: No validation or sanitization of ingested content is performed before processing.
Audit Metadata