godot-skill-judge
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary purpose is to process untrusted data from external skill folders.
- Ingestion points: Scans all files and folders in a skill library, specifically reading
SKILL.mdfiles and.gdscript files. - Boundary markers: Absent. There is no evidence of delimiters or instructions to ignore embedded commands within the files being validated.
- Capability inventory: Utilizes the Godot CLI for syntax checking, which involves system-level process execution.
- Sanitization: Absent. There is no mention of filename or content sanitization before processing.
- [Command Execution] (MEDIUM): The skill triggers the Godot CLI (
godot) to validate scripts. If the file paths or script names of the skills being checked are not properly escaped, an attacker could use malicious filenames (e.g.,; rm -rf / ;.gd) to achieve command injection on the host system running the judge.
Recommendations
- AI detected serious security threats
Audit Metadata