asset-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill utilizes vendor-specific CLI commands to download and remix project templates from the Playdrop catalog.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing data from a public catalog. Ingestion points: Results from 'playdrop browse' and 'playdrop search' in references/assets-and-generation.md and references/create-and-remix.md. Boundary markers: Absent. Capability inventory: CLI-based project creation and remixing. Sanitization: Absent; the workflow incorporates instructions to manually inspect assets and confirm fit before integration.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 06:40 PM
Security Audit — agent-trust-hub — asset-discovery