roblox-studio-mcp-server

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of the execute_luau tool, which allows an AI agent to run arbitrary Luau code within a Roblox Studio session. This is an intended feature of the official Roblox coding harness. The skill includes warnings in references/tool-reference.md and references/security-and-troubleshooting.md regarding the execution of privileged code.
  • [DATA_EXFILTRATION]: Documentation correctly identifies that the execute_luau capability can be used to make HTTP requests or access credentials within the Studio session. The skill provides clear mitigation strategies, such as using test environments and reviewing agent edits before publishing.
  • [EXTERNAL_DOWNLOADS]: The skill references and provides links to official Roblox developer resources (create.roblox.com) for downloading Studio and accessing documentation. These are well-known technology service domains.
  • [PROMPT_INJECTION]: The skill describes tools that ingest data from the Roblox data model (e.g., script_read, inspect_instance) into the agent's context. This represents an indirect prompt injection surface where instructions embedded in game scripts or instance names could influence the agent. The skill addresses this surface by recommending human review of all agent actions and the use of version control to monitor changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 03:30 AM