defold-project-setup
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches Defold engine metadata and release assets from official domains including d.defold.com and github.com to synchronize builtin project resources.
- [EXTERNAL_DOWNLOADS]: The tool downloads library dependencies from external URLs as configured by the user in the game.project file.
- [COMMAND_EXECUTION]: A local Python script (fetch_deps.py) is executed to automate file system operations, directory management, and environment setup.
- [SAFE]: The script incorporates security-conscious code including strict regular expression validation for directory names and resolution-based prefix checks to prevent Zip-slip and path traversal attacks during dependency extraction.
Audit Metadata