record-promo
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates a JavaScript file (
scripts/capture-promo.mjs) by analyzing user-controlled game source code and subsequently executes it using thenoderuntime. - [COMMAND_EXECUTION]: Modifies file system permissions by applying
chmod +xto a shell script (convert-highfps.sh) copied from the plugin's local directory to enable execution. - [EXTERNAL_DOWNLOADS]: Detects and installs missing development dependencies, specifically the
@playwright/testpackage and Chromium browser binaries vianpmandnpxcommands. - [PROMPT_INJECTION]: Indirect prompt injection surface identified:
- Ingestion points: Reads content from user-provided files including
src/scenes/GameScene.js,src/core/EventBus.js,src/core/Constants.js, andsrc/main.js. - Boundary markers: None present to distinguish untrusted data from instructions.
- Capability inventory: Execution of Node.js scripts, Shell scripts, and system tools like FFmpeg.
- Sanitization: No evidence of input validation or content sanitization before the agent uses the extracted data to generate executable scripts.
Audit Metadata