unity-asset
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
u(unity-cli) binary to perform asset operations and package management. It includes capabilities to add or remove packages and execute direct Unity API calls viau api call, which are standard for developer-oriented tools. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external asset paths and package names. These inputs are interpolated into shell commands for the
uCLI. No explicit boundary markers or sanitization steps are defined to prevent potential injection from malicious file names or project data.
Audit Metadata