unity-ui
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE COMMAND_EXECUTION REMOTE_CODE_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill heavily utilizes a local binary named `u` (Unity CLI) to interact with the Unity Editor. It executes commands for controlling Play Mode (`u play`, `u stop`), inspecting UI structures (`u uitree dump`, `u uitree query`), and capturing screenshots (`u screenshot`).
- [REMOTE_CODE_EXECUTION]: The core workflow requires the agent to generate Python test files based on provided templates and subsequently execute them using `uv run python`. This dynamic generation and execution of scripts on the local system is a high-capability feature that could be exploited if the generation logic is influenced by malicious input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the UI elements it inspects.
  - Ingestion points: The agent ingests untrusted data from the Unity environment, specifically element names, labels, and class names via `u uitree dump` and `u uitree query` (SKILL.md).
  - Boundary markers: The templates for generated Python code do not utilize boundary markers or explicit instructions to treat UI metadata as untrusted content.
  - Capability inventory: The agent has the ability to write files to the local filesystem and execute them via `uv` (SKILL.md).
  - Sanitization: There is no logic provided to sanitize or validate UI element strings before they are interpolated into the generated Python test scripts, potentially allowing a maliciously named UI element to inject code or logic into the resulting test file.
Audit Metadata