cocos2d-x
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): In `examples/getting-started/installation.md`, the skill instructs the user to clone the Cocos2d-x repository from `https://github.com/cocos2d/cocos2d-x.git` and run `python setup.py`. This 'download then execute' pattern involves a repository not on the trusted list. Severity is downgraded from HIGH to MEDIUM as this is the primary intended purpose for engine setup.
- [Privilege Escalation] (MEDIUM): The file `examples/getting-started/installation.md` contains commands using `sudo` (e.g., `sudo apt-get install cmake` and `sudo snap install cmake`). Using administrative privileges for installations is a high-risk pattern, though common for system-level dependency management in developer tools.
- [External Downloads] (LOW): The skill references several external URLs for downloads (e.g., `cmake.org`, `github.com/cocos2d`). While consistent with the engine's official ecosystem, these are untrusted external sources according to the core security rules.
Audit Metadata