godot
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical knowledge base for Godot game development. All documented commands and code patterns are standard for the Godot engine and GDScript development workflow.
- [DATA_EXPOSURE]: Documentation in references/persistence.md correctly guides the user on secure file handling, distinguishing between read-only resources (res://) and writable user data (user://). It specifically warns against the risks of loading untrusted resources which can lead to code execution, demonstrating security awareness.
- [COMMAND_EXECUTION]: The skill describes the use of the Godot CLI for project management, exporting, and testing. These are legitimate development tools and are documented for use in CI/CD and automated workflows.
- [INDIRECT_PROMPT_INJECTION]: While the skill involves the agent reading project configuration files (e.g., project.godot, .tscn), it does so to understand the project context. No patterns were found that would allow untrusted data from these files to execute malicious instructions or bypass safety filters.
Audit Metadata