quick-game
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including `npm install`, `npm run dev`, and `npm run build` within the scaffolded game directory. These commands execute scripts defined in the template's `package.json` file, which is a potential vector for arbitrary code execution if the template files are compromised.
- [EXTERNAL_DOWNLOADS]: The skill uses `npm install` to download and install Node.js dependencies from the public npm registry. This introduces a supply chain dependency risk, as the skill does not verify the integrity or safety of the packages being installed during the scaffolding process.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes external data from user-provided URLs to guide its behavior.
  - Ingestion points: The skill fetches content from `x.com`, `twitter.com`, and `fxtwitter.com` URLs via the `fetch-tweet` skill.
  - Boundary markers: The game concept derived from the tweet is passed directly to a subagent's `Task` prompt without boundary delimiters or instructions to ignore instructions embedded within the tweet content.
  - Capability inventory: The skill has the capability to write to the local filesystem, execute shell commands through npm, and perform network requests.
  - Sanitization: There is no evidence of sanitization or validation of the fetched tweet content before it is used to influence the implementation logic performed by the subagent.
Audit Metadata