godot
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill contains no malicious code, obfuscation, or unauthorized network operations. All scripts and templates provide legitimate utility for Godot Engine development.
- [COMMAND_EXECUTION]: The skill facilitates the use of the godot engine CLI and local Python validation scripts (scripts/validate_tres.py and scripts/validate_tscn.py) for project management, testing, and file integrity checks.
- [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it processes user-provided Godot project files (.gd, .tscn, .tres) which could contain malicious instructions.
- Ingestion points: Reading and analyzing project files via the agent or validation scripts.
- Boundary markers: None explicitly defined for untrusted data in the provided templates.
- Capability inventory: Shell command execution (Godot CLI, Python) and file system modification (editing scripts and resources).
- Sanitization: No sanitization or filtering of instruction-like patterns is performed on the ingested project files.
Audit Metadata