unity-api

SUSPICIOUS rather than malicious: the skill’s capabilities fit its Unity API purpose, and there is no evidence of credential theft, exfiltration, or deceptive network routing. The main issue is trust: it requires an unverified external `u` CLI and a prerequisite sibling skill, so install/execution trust is incomplete and overall risk remains high under the mandatory unverifiable-binary rule.