godot-dialogue-system
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The dialogue engine processes external data (JSON graphs and dialogue text) which can trigger game logic and state changes.
- Ingestion points: Data enters through
load_dialogue(path)and the parsing of BBCode-style tags[trigger:event_id]in thedialogue_engine.gdscript. - Boundary markers: No specific boundary markers or instruction-ignoring warnings are present to isolate the processed dialogue text from potential control sequences.
- Capability inventory: The system can emit signals, modify global game flags (
set_flag), and potentially interact with inventory systems (give_item) based on the input data. - Sanitization: The
apply_effectfunction splits strings by colons and executes logic without validating the source or content of the effect string beyond a basic match statement.
Audit Metadata