wargame
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands for file management and visualization. Specifically, it instructs the agent to use
mkdir -pto create journal directories at~/.claude/wargames/andbash cpto copy report templates to/tmp/. It also references checking for the presence of visualization tools likemmdc(Mermaid CLI) and Graphvizdotusingcommand -v. - [EXTERNAL_DOWNLOADS]: The skill performs information gathering using
WebSearchandWebFetchtools. These are used to provide intelligence briefings and contextual research for specific wargaming scenarios. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data. * Ingestion points: User-provided scenario descriptions (SKILL.md) and external web content retrieved via search tools (SKILL.md). * Boundary markers: Absent; there are no explicit delimiters or instructions to ignore embedded commands within ingested data. * Capability inventory: The skill possesses the ability to write to the file system (SKILL.md), execute shell commands for reporting (references/session-commands.md), and perform network requests via search tools (SKILL.md). * Sanitization: Absent; no evidence of input validation or content escaping for external data.
Audit Metadata