unity-addressables
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses unity-cli to interact with Unity project assets. It also documents a fallback to cargo run for executing the tool from source when a binary is not present, which is a routine practice in software development environments.\n- [DATA_EXFILTRATION]: Connectivity to Unity editor instances is configured via environment variables for the host and port. These settings facilitate cross-process communication for project management and do not constitute an exfiltration threat.\n- [PROMPT_INJECTION]: The skill operates on project metadata and file structures, presenting an indirect prompt injection surface. The risk is considered low due to the specialized nature of the tooling and its focus on asset management.\n
- Ingestion points: Project file contents and directory structures accessed via Read, Grep, Glob, and unity-cli (SKILL.md).\n
- Boundary markers: No specific delimiters are used to wrap external project data.\n
- Capability inventory: Bash(unity-cli:*), Read, Grep, Glob for asset manipulation and inspection.\n
- Sanitization: No validation or escaping of project-sourced data is explicitly performed before tool invocation.
Audit Metadata