unity-scriptableobject

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its data ingestion tools.
    • Ingestion points: Data enters the agent context via the json string and jsonFilePath parameters in the scriptableobject_import_json function.
    • Boundary markers: The instructions lack explicit delimiters or guidance for the agent to ignore potentially malicious instructions embedded within the imported JSON content.
    • Capability inventory: The skill possesses significant 'write' capabilities, including creating assets (scriptableobject_create), modifying fields (scriptableobject_set_batch), and deleting assets (scriptableobject_delete).
    • Sanitization: There are no documented procedures for validating or sanitizing the structure or content of the JSON before it is processed or applied to the project assets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 10:15 AM