Game Cog

Security checks across malware telemetry and agentic risk

Overview

Game Cog is a disclosed CellCog-based game asset skill, with the main consideration being that prompts and assets may be sent to an external service.

Install this only if you trust CellCog and are comfortable sending game prompts, concepts, referenced assets, and related project details to that external service. Avoid including secrets or highly sensitive unreleased material in prompts, and verify the separate cellcog dependency before use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly depends on an external API key and routes user prompts to CellCog, but it does not clearly warn that prompts, files, or project details may be transmitted to a third-party service. Users may unknowingly send proprietary game designs, source assets, unreleased content, or other sensitive data off-platform, creating confidentiality and compliance risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal