Skills
skills/nonlooped/roblox-suite/roblox-datastores/Gen Agent Trust Hub

roblox-datastores

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes and stores persistent data associated with players, such as inventories and stats, which serves as an indirect prompt injection surface.
  • Ingestion points: Data enters the agent's context through retrieval methods in scripts/SafeDataStore.lua (e.g., getAsync, updateAsync).
  • Boundary markers: The skill utilizes Luau tables and JSON serialization but lacks explicit boundary markers or instructions to prevent the agent from interpreting stored data as commands.
  • Capability inventory: The skill possesses extensive capabilities for reading, writing, and listing persistent data across all DataStore types via DataStoreService operations in scripts/SafeDataStore.lua and scripts/BudgetMonitor.lua.
  • Sanitization: scripts/SafeDataStore.lua includes proactive sanitization through validateKey, validateUserIds, and validateValueSize functions, alongside strict pcall discipline for error containment.
  • [SAFE]: The skill references official documentation and resources from Roblox's creator domain (create.roblox.com) to provide authoritative technical guidance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 12:39 AM
Security Audit — agent-trust-hub — roblox-datastores