godot-export-builds
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/headless_build.sh` executes the `godot` binary with the `--headless` flag to automate project exports. This is the primary intended function of the skill and follows standard Godot CLI practices.
- [EXTERNAL_DOWNLOADS]: The GitHub Actions configuration in `SKILL.md` references well-known resources including standard GitHub actions and the community-maintained `barichello/godot-ci` Docker image. These are trusted components in Godot development workflows.
- [INDIRECT_PROMPT_INJECTION]: The `scripts/headless_build.sh` script represents an ingestion surface for untrusted data as it accepts command-line arguments (`$1` for platform and `$2` for version) which are used in `sed` and `mkdir` operations. Boundary markers and sanitization are absent in the script, though the potential impact is limited to the local build environment and is common for such automation tasks.
Audit Metadata