godot
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the GdUnit4 testing framework from its official GitHub repository and downloads the butler CLI from the well-known itch.io domain for deployment tasks.
- [EXTERNAL_DOWNLOADS]: It references and clones the vendor's own custom Godot engine fork and PlayGodot library from the Randroids-Dojo GitHub organization.
- [REMOTE_CODE_EXECUTION]: Includes documentation for installing the butler CLI using a shell-piped download pattern (curl | sh) from the well-known itch.io service.
- [COMMAND_EXECUTION]: The provided Python scripts (
run_tests.py,export_build.py,validate_project.py) utilize thesubprocessmodule to manage Godot binaries, execute build commands (scons), and run deployment tools. - [DATA_EXFILTRATION]: Provides CI/CD configuration templates (GitHub Actions) that use standard repository secrets for Vercel, Netlify, and itch.io authentication tokens, following industry-standard security practices for automated deployment.
- [SAFE]: The skill's operations, including custom engine builds and network-based deployments, are entirely aligned with the primary purpose of a game development and CI/CD automation toolset.
Audit Metadata