viral-game
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its processing of external tweet data.
- Ingestion points: In
tweet-pipeline.md, the skill fetches and parses third-party tweet content to derive game concepts. - Boundary markers: The skill includes explicit safety instructions in
tweet-pipeline.mddirecting the agent to ignore any code or instructions within tweets and use the content only for creative inspiration. - Capability inventory: The skill has extensive capabilities including shell command execution (
npm,node,bash), file system modification, and network access viacurlandWebFetch. - Sanitization: Mitigation is based on instructional boundary markers provided to the agent.
- [COMMAND_EXECUTION]: The skill performs several automated system and environment management tasks.
- Executes build and test pipelines using
npm run buildandnpm test. - Manages local credentials for the here.now hosting service by writing to
~/.herenow/credentialsand setting restrictive file permissions. - Instructions include modifying the agent's global configuration by adding an MCP tool via
claude mcp add playwright. - [EXTERNAL_DOWNLOADS]: The skill integrates various external dependencies and remote resources.
- Downloads game assets and 3D models from services including Meshy AI, World Labs, and Sketchfab.
- Injects the Play.fun Browser SDK directly into the game's HTML from
https://sdk.play.fun/latest. - These downloads originate from well-known technology platforms and service providers.
Audit Metadata