asset-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill utilizes vendor-specific CLI commands to download and remix project templates from the Playdrop catalog.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing data from a public catalog. Ingestion points: Results from 'playdrop browse' and 'playdrop search' in references/assets-and-generation.md and references/create-and-remix.md. Boundary markers: Absent. Capability inventory: CLI-based project creation and remixing. Sanitization: Absent; the workflow incorporates instructions to manually inspect assets and confirm fit before integration.
Audit Metadata