godot-turn-system

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions do not contain any commands designed to override agent behavior, bypass safety filters, or extract system prompts.
  • [DATA_EXFILTRATION]: No network operations, sensitive file path access, or hardcoded credentials were detected. All data processing is local to the Godot engine environment.
  • [REMOTE_CODE_EXECUTION]: There are no patterns involving the download or execution of remote scripts, nor is there any usage of external package managers.
  • [COMMAND_EXECUTION]: The code snippets are restricted to Godot's GDScript language and do not involve shell command execution or subprocess spawning.
  • [DYNAMIC_EXECUTION]: The skill utilizes standard Godot engine features like Callables, signals, and UndoRedo actions. These are used for legitimate game logic events and do not involve runtime code generation or unsafe deserialization.
  • [OBFUSCATION]: No obfuscated strings, hidden Unicode characters, or encoded payloads were found in any of the analyzed files.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes game data such as combatant arrays and positions, it lacks the dangerous capabilities (like network or file system writes) required for this attack vector to be exploited. It also employs best practices like instance validation (is_instance_valid) and typed variables.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 02:45 PM
Security Audit — agent-trust-hub — godot-turn-system