minecraft-server-scriptapi
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to bypass safety guardrails, override core agent behavior, or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): The skill does not request access to sensitive local files (e.g., SSH keys, credentials) or perform unauthorized network exfiltration. It references official Microsoft Learn documentation via MCP tools for research purposes.
- [Remote Code Execution] (SAFE): There are no patterns involving the download and execution of untrusted scripts. The code examples provided are specific to the sandboxed Minecraft Scripting API environment.
- [Indirect Prompt Injection] (SAFE): Vulnerability surface analysis:
- Ingestion points: User-provided descriptions of Minecraft scripting tasks.
- Boundary markers: Uses Markdown and code blocks to separate instructions from generated code.
- Capability inventory: The skill only generates JavaScript/TypeScript code meant for execution inside the Minecraft Bedrock engine.
- Sanitization: The skill provides instructional templates rather than processing executable data from untrusted external sources.
- [Obfuscation] (SAFE): No encoded content, zero-width characters, or homoglyph-based evasion techniques were detected in the instructions or code examples.
Audit Metadata