phaser-architect
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from external project files.
- Ingestion points: The skill is instructed to read requirements from 'docs/GDD.md' and analyze source code within the 'src/' directory (scenes, objects, and main files).
- Boundary markers: There are no specific instructions or delimiters provided to ensure the agent ignores potentially malicious instructions embedded within the ingested game design documents or source files.
- Capability inventory: The skill's capabilities are limited to generating architectural plans, ASCII diagrams, and TypeScript code snippets; it does not request or use tools for shell execution, network exfiltration, or file system modifications.
- Sanitization: The skill does not implement validation or filtering for the content of the read files before processing them.
- [SAFE]: The skill provides legitimate and helpful technical guidance for migrating to Phaser 4, correctly identifying removed APIs such as 'Phaser.Geom.Point', 'Phaser.Structs.Map', and 'Phaser.Create.GenerateTexture' while recommending modern alternatives like 'Vector2' and native JS collections.
Audit Metadata