building-3d-objects
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: No security issues were detected. The skill follows established Roblox development patterns and focuses on physical object construction.
- [COMMAND_EXECUTION]: The skill utilizes the
mcp__roblox__run_codetool to execute Lua scripts within Roblox Studio. This capability is used for 3D modeling tasks such as part instantiation, CSG operations, and object validation. The provided validation script (scripts/validate.luau) contains benign checks on model properties such as anchoring, positioning, and materials. - [PROMPT_INJECTION]: The skill processes user-provided object descriptions to generate code, which constitutes an indirect prompt injection surface. However, the instructions are strictly constrained to geometric primitives and physical properties. Ingestion points: User building requests triggered by specific keywords in SKILL.md. Boundary markers: None explicitly defined in the Lua templates. Capability inventory: Lua code execution within the Roblox Studio environment via
mcp__roblox__run_code. Sanitization: No input sanitization or validation of the user request content is performed before generating the build logic.
Audit Metadata