godot-mcp-scene-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted user requests to build scene hierarchies and execute them, creating a significant attack surface where malicious input could lead to harmful file operations or code execution.
  - Ingestion points: User prompts for scene generation (e.g., 'Make a character').
  - Boundary markers: Absent; user intent is directly mapped to tool parameters.
  - Capability inventory: mcp_godot_create_scene (file write), mcp_godot_run_project (subprocess execution), mcp_godot_launch_editor (subprocess execution).
  - Sanitization: None; the skill does not validate or escape node types, paths, or script content.
- Command Execution (HIGH): The tools mcp_godot_run_project and mcp_godot_launch_editor directly execute the Godot binary and the generated project content on the host.
- Dynamic Execution (MEDIUM): The workflow generates .tscn files and references GDScript attachment, then executes the result at runtime for 'verification'; this amounts to executing dynamically generated code.
Recommendations
- AI detected serious security threats
Audit Metadata