unity-vrc-udon-sharp

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety filters or override system constraints was found.
  • [DATA_EXFILTRATION]: No sensitive local file access or hardcoded credentials detected. References to player data APIs (PlayerData/PlayerObject) are documented strictly within the context of the VRChat platform's internal persistence systems.
  • [EXTERNAL_DOWNLOADS]: The skill documents legitimate use of VRChat's built-in web loading APIs. It provides lists of well-known trusted domains such as GitHub, Discord, and Imgur, consistent with standard community practices.
  • [REMOTE_CODE_EXECUTION]: No remote script execution or unverifiable dependencies. The documentation correctly notes that dynamic URL generation is restricted by the platform's security model.
  • [OBFUSCATION]: The skill describes an advanced pattern for embedding texture data using Base64 encoding. This is clearly documented as a performance optimization and architectural workaround for platform-specific rate limits, and does not involve hidden malicious payloads.
  • [COMMAND_EXECUTION]: No arbitrary shell command execution or unsafe subprocess spawning detected. The inclusion of validation hooks (PowerShell and Bash) demonstrates a focus on maintaining code quality and adherence to compiler constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 11:55 PM
Security Audit — agent-trust-hub — unity-vrc-udon-sharp