unity-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains a setup script (scripts/setup.sh) that programmatically modifies the local configuration files of various AI agents (Claude Code, Gemini CLI, and Codex CLI) located in the user's home directory. It uses python3 -c commands to inject JSON and TOML configuration data into these files.
  • [EXTERNAL_DOWNLOADS]: The skill requires the user to install a Unity package from an external, non-trusted GitHub repository (https://github.com/CoplayDev/unity-mcp.git). This repository is not associated with a well-known service or a trusted organization.
  • [PROMPT_INJECTION]: The SKILL.md file includes explicit instructions to the AI agent to "automatically" execute setup steps when a user requests configuration. These steps involve the modification of the agent's own system settings and configuration files.
  • [DATA_EXFILTRATION]: The skill accesses sensitive application configuration files (~/.claude/settings.json, ~/.codex/config.toml, ~/.gemini/settings.json). These files reside in the user's home directory and often contain persistent application state, user preferences, and potentially sensitive metadata related to the agent's operation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the Unity environment which is then processed by the agent with high-privilege capabilities.
  • Ingestion points: The skill reads Unity console logs (read_console) and searches through project files (find_in_file).
  • Boundary markers: There are no identified delimiters or instructions to prevent the agent from obeying commands embedded within the ingested logs or files.
  • Capability inventory: The skill possesses significant capabilities, including the ability to write files, execute shell commands, create C# scripts, and perform batch operations in the Unity Editor.
  • Sanitization: There is no evidence of sanitization or validation of the data ingested from the Unity environment before it is interpolated into the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 02:06 PM
Security Audit — agent-trust-hub — unity-mcp