godot

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill is designed to process and execute content from Godot project files, GDScript scripts, and scene configurations which may originate from untrusted sources.
      • Ingestion points: Processes project.godot, *.tscn, and *.gd files via the load() function or CLI commands.
      • Boundary markers: The usage patterns include no specific delimiters or warnings to ignore embedded instructions.
      • Capability inventory: Includes the ability to execute code via the Godot CLI and manage file system assets through exports.
      • Sanitization: Lacks evidence of input sanitization or validation for the project data being processed.
  • [COMMAND_EXECUTION]: The skill provides examples of using the Godot Command Line Interface (CLI) to automate tasks like running scripts and exporting builds. These commands are essential to the primary functionality of the Godot engine.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 05:44 PM