unity-vrc-udon-sharp
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety filters or override system constraints was found.
- [DATA_EXFILTRATION]: No sensitive local file access or hardcoded credentials detected. References to player data APIs (PlayerData/PlayerObject) are documented strictly within the context of the VRChat platform's internal persistence systems.
- [EXTERNAL_DOWNLOADS]: The skill documents legitimate use of VRChat's built-in web loading APIs. It provides lists of well-known trusted domains such as GitHub, Discord, and Imgur, consistent with standard community practices.
- [REMOTE_CODE_EXECUTION]: No remote script execution or unverifiable dependencies. The documentation correctly notes that dynamic URL generation is restricted by the platform's security model.
- [OBFUSCATION]: The skill describes an advanced pattern for embedding texture data using Base64 encoding. This is clearly documented as a performance optimization and architectural workaround for platform-specific rate limits, and does not involve hidden malicious payloads.
- [COMMAND_EXECUTION]: No arbitrary shell command execution or unsafe subprocess spawning detected. The inclusion of validation hooks (PowerShell and Bash) demonstrates a focus on maintaining code quality and adherence to compiler constraints.
Audit Metadata