make-game
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates project development by executing local command-line tools, including game engine scaffolders (e.g., Unity, Godot) and testing scripts like
scripts/iterate-client.js. These are standard operations for its intended use case. - [REMOTE_CODE_EXECUTION]: The skill utilizes
npxto install additional modules from the developer's official NPM organization. Per security policy, downloads from well-known services and the vendor's own infrastructure are considered safe and routine for platform extension. - [PROMPT_INJECTION]: The skill's architecture involves reading project documentation and configuration files to maintain session context. While this creates a surface for indirect prompt injection from repository content, the skill manages this risk through a highly structured, phase-based process and explicit user confirmation steps.
Audit Metadata