unity-vrc-udon-sharp

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and CHEATSHEET explicitly require and document web-loading (references/web-loading.md and the CHEATSHEET web-loading section) using VRCStringDownloader.LoadUrl and VRCImageDownloader.DownloadImage (including user-supplied VRCUrl/VRCUrlInputField and parsed JSON), which ingests untrusted public web content that the agent is expected to parse and act on at runtime, creating a clear path for indirect prompt injection.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 11:55 PM
Issues
1
Security Audit — snyk — unity-vrc-udon-sharp