adventure
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses `eval()` and `new Function()` in `adventure_runtime.py`, `adventure.js`, and `engine.js` to compile and execute logic such as exit guards, effects, and scores directly from adventure JSON/YAML data. This architecture enables arbitrary code execution if the source data is maliciously crafted.
- [DATA_EXFILTRATION]: The GitHub OAuth implementation in `github-api.js` uses `window.opener.postMessage('*')` to communicate authorization codes. Using a wildcard origin allows any website that opens the window to potentially intercept these sensitive tokens.
- [CREDENTIALS_UNSAFE]: Multiple components, including `api-keys.js`, `github-api.js`, `image-generate.js`, and `image-analyze.js`, store API keys for services like OpenAI, Anthropic, Google, and GitHub in the browser's `localStorage` in plaintext. This makes the keys vulnerable to exfiltration through any Cross-Site Scripting (XSS) vulnerability on the site.
- [COMMAND_EXECUTION]: The `merge` command in `adventure.py` calculates file paths for state updates using input from a JSON file (`op['target']`) without sanitization. This presents a potential path traversal vulnerability where a malicious state file could overwrite files outside the intended adventure directory.
- [EXTERNAL_DOWNLOADS]: The skill frequently interacts with external APIs from OpenAI, Anthropic, Google, Stability AI, Replicate, and GitHub to generate images, analyze content, and manage source code. While these are well-known services, the skill's operation depends on external infrastructure and user-provided credentials.
Recommendations
- AI detected serious security threats
Audit Metadata