roblox-mcp
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides tools like
script_read,search_game_tree, andconsole_outputthat allow an AI agent to ingest data from the Roblox data model. Because this data (script content, instance names, and log messages) can be controlled by external actors in shared environments or through imported assets, it constitutes a surface for indirect prompt injection attacks. - [REMOTE_CODE_EXECUTION]: The
execute_luautool allows the AI agent to run arbitrary Luau code inside the active Roblox Studio session. The documentation correctly identifies this as a privileged operation that can access HTTP services and Studio-stored credentials, which is an inherent risk of the MCP implementation being managed. - [COMMAND_EXECUTION]: The connection guide provides specific shell commands and JSON configurations that instruct the AI client to execute local binaries (e.g.,
mcp.baton Windows orStudioMCPon macOS) to initialize the MCP server process.
Audit Metadata