hz-unity-project-analyzer
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted project data which creates a potential vulnerability surface.
- Ingestion points: The agent is instructed to read various project files including
README.md,CHANGELOG.md,Packages/manifest.json, and Unity asset files (SKILL.md). - Boundary markers: There are no instructions to wrap external content in delimiters or provide explicit 'ignore embedded instructions' warnings for the agent during the documentation process.
- Capability inventory: The skill involves extensive file system read operations across the project and write operations to the
.agent-docs/directory. - Sanitization: The skill lacks instructions for validating or sanitizing the content read from external files before it is processed or written into the documentation.
Audit Metadata